The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
This chapter provides an overview of the ribbon in Cisco SecureX, including the
Cisco SecureX is both a centralized console and a distributed set of capabilities that
unify visibility, enable automation, accelerate incident response workflows, and improve
threat hunting. These distributed capabilities are presented in the form of applications
(apps) and tools in the SecureX ribbon.
The ribbon is located in the lower portion of the page, and persists as you move between
the dashboard and other security products in your environment.
Use the ribbon to access the casebook, apps, settings, search observables for enrichment, view notifications, and view incidents.
If you are an unactivated user in SecureX Demo, you must click Configure a Module to activate your SecureX account by enabling an integration module before you can access the ribbon.
Ribbon Icons and Elements
The following icons and elements are displayed on the Cisco SecureX ribbon.
Click the +/- icons to expand or collapse the ribbon. When the ribbon is expanded, you can drag the container up and down or a double arrow
up and down anywhere on the entire top side of the panel to resize the height of the panel.
The (Notifications) icon displays the number of unread notifications. Click the icon to display the notifications of incidents that are assigned
to you by other users in the Notifications popup. Once you click the icon, the unread notifications are marked as read and the number of unread notifications resets.
View Notification Details
Each notification includes the notification type, the date of the notification, an incident title link that opens the incident
in the incidents app, and a source link that opens the source of the incident (if applicable). See the Incidents App topic in the SecureX online help for more information on the incidents app.
To remove a notification, hover over the notification and click the Clear icon. This also removes the notification from the Notifications Center.
Access Notifications Center
Click Go to Notifications Center link to open the Notifications Center page and manage the notifications. See the Notifications Center topic in the SecureX online help for more information.
Use the ribbon Home page to open the ribbon apps, Notifications Center, and ribbon settings, launch integrated applications, and view your account
profile which includes your user name, account email address, role, organization, and IDP used to log in.
As you move to other pages in the ribbon, click the Home icon to return to the
ribbon Home page.
Click the casebook app icon to open the casebook app and save information
about your threat analysis. You can also hover over the icon to view details about
the current case. For more information, see the Casebook App topic in the
SecureX online help.
Click the incidents app icon to open the incidents app and view incidents from
the integrated products. You can also hover over the icon to view details about the
incidents assigned to the current case. For more information, see the Incidents
App topic in the SecureX online help.
Click the Orbital app icon to open the Orbital app and perform additional
queries. For more information, see the Orbital App topic in the SecureX
Enrichment Search Box
Enter search criteria in the Enrichment search box and press Enter to
begin extracting observables. You can then click Add to Case or
Investigate in Threat Response. See the Search for Observables
topics in the SecureX online help for more information.
Click the Find Observables icon to search the current web page for malicious
file hashes, suspicious domains and other cyber observables. You can then click
Add Observables to Case or Investigate in Threat Response. See the
SecureX online help for more information.
Click the Settings icon to open the SecureX ribbon and casebook settings.
SecureX Ribbon Settings:
Theme - Click the option to specify the background color of
Light - Displays a light background (default).
Dusk - Displays a dark background.
Automatic - Displays the background to automatically
match the theme of the integrated product.
When Automatic theme is selected, you can also choose
to automatically set it to the Inverse of the product
theme or Match the product theme.
Bar Format - Click Full or Reduced to set the
size of the ribbon when it is collapsed. Depending on the
integration, this feature may be disabled.
Storage - Click the Clear Storage button to clear the
stored settings and state for the ribbon and all the ribbon
applications. This will not delete any data objects such as casses
Version - The release version number of the ribbon.
Reset - Click the Reset to Defaults button to reset all
settings for the SecureX ribbon to the default values.
Auto Open - Check the check box to automatically open a newly
created case in the casebook. The check box is checked by default.
Uncheck the check box if you do not want a new case to open by
default in the casebook.
If you want to always swap to the Casebook app when creating a new
case, check the check box. The check box is checked by default.
Uncheck the check box if you do not want to swap to the Casebook app
when creating a new case.
Observable Sort - Click the option to sort the list of observables in a case:
Newest - Displays the list of observables in the order the observables were added to the case, from newest to oldest.
Oldest - Displays the list of observables in the order the observables were added to the case, from oldest to newest.
Alphabetical - Displays the list of observables in alphabetical order, from A to Z.
Reset - Click the Reset to Defaults button to reset all
settings for the casebook app to the default values.
Notification Center Settings:
Do Not Disturb - Click to enable or disable the toasts for incoming notifications and the number of unread notifications displayed on the
Notifications icon. The toggle is disabled (Off) by default; if you want to enable the option, enable Do Not Disturb by toggling to On.
Reset - Click the Reset to Defaults button to reset the setting for notification center to the default value.
Click the Help icon on the SecureX ribbon to open the Ribbon topic in the SecureX online help to learn more about the features and apps.