Skip to main content

Cisco XDR

Updated

Step-by-step guide to integrate Qevlar AI with Cisco XDR using API credentials. Connect Cisco XDR to Qevlar AI to stream endpoint telemetry and detections directly into your investigations workspace.

Prerequisites

Only users with an Administrator role can add and manage API clients. So you need to be an Administrator to add Qevlar integration into Cisco XDR.

Information

Cisco XDR is built upon a collection of APIs which can be used to integrate your Cisco and third-party security products, automate the incident response process, and manage threat intelligence and security context data in a single location. For information on using the Cisco XDR APIs, see the interactive Cisco XDR API Documentation on Cisco Developer.

To integrate Qevlar with Cisco XDR, you will need to navigate into Administration > API Clients:

Cisco XDR API Client Credentials

1. Create an API client in Cisco XDR

  1. Choose Administration > API Clients in the navigation menu and click Generate API Client.
Cisco XDR API Clients
  1. Enter a Client Name and optionally, choose a Client Preset from the drop-down list.
note

If you choose a Client Preset, all of the scopes are pre-configured for a particular function.

  1. If you did not choose a Client Preset, check the check boxes for the scopes for which you want to grant privileges to the client. You can also click Select All to grant all scopes to the client.
  2. Optionally, enter a description in the Description field and click Add New Client. The Client Id and Client Password are generated and are displayed in the Add New Client dialog box.
Cisco XDR Add New Client
warning

The Client Password cannot be recovered after you close the window. Be sure to securely store it where you have access to it later, if needed. If you lose or disclose the client password, you must delete the API client and create a new one.

  1. Copy the Client Id and Client Password to your clipboard and store it in a secure location.
  2. Confirm the new client appears in the list.

The API Client is tied to your user identity. If your user identity loses privileges, then your API Client will also lose those privileges. All actions taken by the API Client will be done in your name, and recorded as your actions. If your access to the application is revoked, then your API Client will no longer be valid.

2. Qevlar AI Integration

  1. Navigate to your Qevlar platform
  2. Select Integrations from the menu
Qevlar platform
  1. Locate Cisco XDR and click +.
  2. In the dialog paste the Client Id and Client Password you copied earlier.
Cisco XDR Configuration Dialog
  1. Paste the Client Id and Client Secret corresponding of the Client Password you copied earlier.
  2. Click Test & Save to save the integration.


 

Related articles