Explore Cisco
How to Buy

Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Cisco SecureX Getting Started Guide

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Book Contents
Find Matches in This Book
Available Languages
Download Options

Book Title

Cisco SecureX Getting Started Guide

Chapter Title

Cisco SecureX Ribbon

Results

Updated:
December 8, 2021

Chapter: Cisco SecureX Ribbon

Cisco SecureX Ribbon

This chapter provides an overview of the ribbon in Cisco SecureX, including the following:

Ribbon

Cisco SecureX is both a centralized console and a distributed set of capabilities that unify visibility, enable automation, accelerate incident response workflows, and improve threat hunting. These distributed capabilities are presented in the form of applications (apps) and tools in the SecureX ribbon.

The ribbon is located in the lower portion of the page, and persists as you move between the dashboard and other security products in your environment.

Figure 1. SecureX Ribbon - Collapsed

Use the ribbon to access the casebook, apps, settings, search observables for enrichment, view notifications, and view incidents.


Note

If you are an unactivated user in SecureX Demo, you must click Configure a Module to activate your SecureX account by enabling an integration module before you can access the ribbon.

Ribbon Icons and Elements

The following icons and elements are displayed on the Cisco SecureX ribbon.

Figure 2. Ribbon Icons and Elements

Expand/Collapse Ribbon

Click the +/- icons to expand or collapse the ribbon. When the ribbon is expanded, you can drag the container up and down or a double arrow up and down anywhere on the entire top side of the panel to resize the height of the panel.

Figure 3. SecureX Ribbon - Expanded

Notifications

The (Notifications) icon displays the number of unread notifications. Click the icon to display the notifications of incidents that are assigned to you by other users in the Notifications popup. Once you click the icon, the unread notifications are marked as read and the number of unread notifications resets.

Figure 4. Notifications

View Notification Details

Each notification includes the notification type, the date of the notification, an incident title link that opens the incident in the incidents app, and a source link that opens the source of the incident (if applicable). See the Incidents App topic in the SecureX online help for more information on the incidents app.

Remove Notification

To remove a notification, hover over the notification and click the Clear icon. This also removes the notification from the Notifications Center.

Access Notifications Center

Click Go to Notifications Center link to open the Notifications Center page and manage the notifications. See the Notifications Center topic in the SecureX online help for more information.

Home

Use the ribbon Home page to open the ribbon apps, Notifications Center, and ribbon settings, launch integrated applications, and view your account profile which includes your user name, account email address, role, organization, and IDP used to log in.

As you move to other pages in the ribbon, click the Home icon to return to the ribbon Home page.

Casebook App

Click the casebook app icon to open the casebook app and save information about your threat analysis. You can also hover over the icon to view details about the current case. For more information, see the Casebook App topic in the SecureX online help.

Incidents App

Click the incidents app icon to open the incidents app and view incidents from the integrated products. You can also hover over the icon to view details about the incidents assigned to the current case. For more information, see the Incidents App topic in the SecureX online help.

Orbital App

Click the Orbital app icon to open the Orbital app and perform additional queries. For more information, see the Orbital App topic in the SecureX online help.

Enrichment Search Box

Enter search criteria in the Enrichment search box and press Enter to begin extracting observables. You can then click Add to Case or Investigate in Threat Response. See the Search for Observables topics in the SecureX online help for more information.

Find Observables

Click the Find Observables icon to search the current web page for malicious file hashes, suspicious domains and other cyber observables. You can then click Add Observables to Case or Investigate in Threat Response. See the SecureX online help for more information.

Settings

Click the Settings icon to open the SecureX ribbon and casebook settings.

  • SecureX Ribbon Settings:

    • Theme - Click the option to specify the background color of the ribbon:

      • Light - Displays a light background (default).

      • Dusk - Displays a dark background.

      • Automatic - Displays the background to automatically match the theme of the integrated product.

        When Automatic theme is selected, you can also choose to automatically set it to the Inverse of the product theme or Match the product theme.

    • Bar Format - Click Full or Reduced to set the size of the ribbon when it is collapsed. Depending on the integration, this feature may be disabled.

    • Storage - Click the Clear Storage button to clear the stored settings and state for the ribbon and all the ribbon applications. This will not delete any data objects such as casses and incidents.

    • Version - The release version number of the ribbon.

    • Reset - Click the Reset to Defaults button to reset all settings for the SecureX ribbon to the default values.

  • Casebook Settings:

    • Auto Open - Check the check box to automatically open a newly created case in the casebook. The check box is checked by default. Uncheck the check box if you do not want a new case to open by default in the casebook.

      If you want to always swap to the Casebook app when creating a new case, check the check box. The check box is checked by default. Uncheck the check box if you do not want to swap to the Casebook app when creating a new case.

    • Observable Sort - Click the option to sort the list of observables in a case:

      • Newest - Displays the list of observables in the order the observables were added to the case, from newest to oldest.

      • Oldest - Displays the list of observables in the order the observables were added to the case, from oldest to newest.

      • Alphabetical - Displays the list of observables in alphabetical order, from A to Z.

    • Reset - Click the Reset to Defaults button to reset all settings for the casebook app to the default values.

  • Notification Center Settings:

    • Do Not Disturb - Click to enable or disable the toasts for incoming notifications and the number of unread notifications displayed on the Notifications icon. The toggle is disabled (Off) by default; if you want to enable the option, enable Do Not Disturb by toggling to On.

    • Reset - Click the Reset to Defaults button to reset the setting for notification center to the default value.

Help

Click the Help icon on the SecureX ribbon to open the Ribbon topic in the SecureX online help to learn more about the features and apps.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco