
Volume 328, Issue 1 · IT Vendor News · Cisco

Building An XDR Integration With Splunk Attack Analyzer

Cisco, July 2, 2025

Cisco XDR is an infinitely extensible platform for security integrations. Like the maturing SOCs of our customers, the event SOC team at Cisco Live San Diego 2025 built custom integrations to meet our needs.

You can build your own integrations using the community resources announced at Cisco Live. It was an honor to work with the XDR product management and engineering teams to publish these resources.

For some background, we started using Splunk Attack Analyzer (SAA) at RSAC 2025 Conference and created a small dashboard tile to show some data for us to look at. It was also our first time using it in this setting, so we didn't have any integrations created with Cisco XDR yet. At Cisco Live, we wanted our analysts to be able to look up artifacts, like URLs, domains, or file hashes, in SAA. We also wanted our analysts to be able to submit a URL or domain to SAA for automated analysis.
