XDR Forensics Knowledge Base
XDR Forensics
Home
Overview
What is XDR Forensics?
Terminology
Architecture
Overview
XDR Forensics Responder Architecture; overview and performance analysis
XDR Forensics Task Flow and Management
Network Communication
Cloud Forensics
Overview
GCP Deployment: Technical Details
Setup
Overview
Responder
Overview
Responder Hardware Requirements
Responder - Supported Operating Systems
Responder for Golden Images
Responder and Active Directory OUs
Responder Exception Rules for EPP and EDR
Overview
XDR Forensics Watchdog Folder
FDA via Jamf and Apple's PPPC utility
Responder Tamper Detection
Responder in Windows Safe Mode
Proxy Configurations
Overview
Adding proxy to Responder
Additional Proxy Details
Security
Overview
Two-factor authentication (2FA)
Settings
Overview
Console Settings
Overview
General
Assets
Features
Evidence Repositories
Policies
User Management
Investigation Hub Disk Usage
Danger Zone
Updating
Overview
Console Updating - SaaS
Features
Overview
Asset Isolation
Overview
Maintenance Mode
Acquisition
Overview
Acquisition Profiles
Disk and Volume Imaging
Overview
Imaging with interACT
macOS Disk Imaging
Scheduling Tasks
Task Creation
Overview
Asset Management with Persistent Saved Filters
Regex in DRONE
Task Cancellation and Deletion
Auto Tagging & Tags
Overview
Tags
Chain Of Custody
Compare
Console Audit Logs
DRONE
Overview
What is DRONE?
Server-side DRONE Analysis
What is an Analysis Pipeline?
Analyzers
MITRE ATT&CK Analyzer changelog
Event Subscription
Evidence Repositories
Overview
Generating a SAS URL
File Explorer
Overview
File Explorer - FAQs
Hunt/Triage
Overview
Schedule Hunt/Triage Tasks
Hunt/Triage Rule Templates
Overview
Sigma Templates
YARA Templates
osquery Templates
Integrations
Overview
Webhooks
Overview
Carbon Black Cloud Integration
Cisco XDR Integration
Cortex XSOAR Integration
Crowdstrike Integration
Dynatrace Integration
Elasticsearch Logstash Kibana Integration
Fortigate SIEM Integration
IBM QRadar Integration
LogicHub SOAR (DEVO) Integration
Mattermost Integration
Microsoft 365 Defender Integration
Microsoft Sentinel Integration
Rapid7 InsightIDR Integration
SentinelOne Integration
ServiceNow Integration
Slack Integration
Splunk Integration
Stellar XDR Integration
Sumo Logic Integration
Wazuh Integration
interACT
Overview
interACT Commands
interACT Command Snippets
PowerShell commands in interACT
Investigation Hub
Overview
Investigation Hub – Data Usage Statistics Dashboard
Using the Investigation Hub
Off-Network Responder
Overview
biunzip
Overview
biunzip password file
Setting Up a Custom Case Directory
Policies
Repository Explorer
Responder Proxy Support
Timeline
Troubleshooting
Overview
Understanding MSI Error Code 1618
Collecting Responder Log Files
Collecting Off-Network Responder Log Files
FAQs
Overview
How to download the collected evidence and artifacts?
Collecting Responder Log Files
Managing database usage
Collecting Off-Network Responder Log Files
Responder troubleshooting
Understanding Port Usage
How many assets can connect to a single Console instance?
Can I use XDR Forensics with EDR/XDR Products?
Can I integrate XDR Forensics with my SOAR/SIEM?
Monitoring Responder and UI APIs
How do I update Responders on assets?
Is there a way to move an asset from one Organization or Case to another?
Anything missing?
General
Open Source Licenses
Overview
Anything missing?
Contact Cisco Support