Product Integrations
Cisco XDR
By transforming raw network traffic into comprehensive, actionable evidence, Corelight provides the rich network telemetry required to identify and mitigate advanced threats. The integration between Corelight Investigator and Cisco XDR streamlines the delivery of high-fidelity Corelight network evidence to Cisco XDR: a pre-defined webhook workflow sends it directly and automatically, without requiring Splunk as a middleware layer.
The solution automates the normalization and parsing of Corelight network detection alerts and log data into the appropriate OCSF (Open Cybersecurity Schema Framework) format, so that they can be ingested as Custom Security Events within Cisco XDR's Data Analytics Platform (DAP). These events are then promoted to Detection Findings and automatically evaluated for incident generation, enabling network threats to be correlated with other security telemetry directly within the Cisco XDR interface.