Technology Integration
Important
Medium
90% Confidence
Cisco Demonstrates Bidirectional XDR-Splunk ES Integration
Summary
Cisco showcased a SOC innovation at Cisco Live EMEA 2026 featuring automated bidirectional workflows between XDR and Splunk ES via API integration. The solution includes status synchronization, event transformation, and Webex notifications, reducing platform switching time and improving SOC response efficiency.
Key Takeaways
Cisco SOC demonstrated bidirectional integration between XDR and Splunk Enterprise Security.
Key mechanism: When an event's status changes to 'Open: Reported' in XDR, an API call sends the event summary to the Splunk HTTP Event Collector, where it is converted into an ES investigation through analytic steps. Splunk SOAR then automatically escalates it to a formal investigation and copies over the work logs.
Bidirectional sync: Post-investigation status updates are returned to XDR via SOAR playbooks, with Webex notifications enabling cross-platform collaboration.
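The two-way hand-off described in the takeaways, as an added example (not Cisco's or Splunk's code): the XDR status gate, the summary-only HEC event body using Splunk's documented /services/collector/event endpoint, and the ES-to-XDR status mapping a SOAR playbook would apply. The XDR incident schema, the sourcetype, the hostname and the ES status names are constructed assumptions, not from the brief.

```python
import json
from typing import Optional, Tuple

TRIGGER_STATUS = "Open: Reported"   # XDR status that starts the hand-off (from the brief)

# Constructed sample incident; field names are a hypothetical XDR webhook schema.
SAMPLE_XDR_INCIDENT = {
    "id": "xdr-incident-0001",
    "title": "Suspicious PowerShell on finance workstation",
    "severity": "High",
    "status": "Open: Reported",
    "previous_status": "New",
    "assets": ["ws-fin-07"],
}

def build_hec_payload(incident: dict, index: str = "xdr_incidents") -> Optional[dict]:
    """Build the Splunk HEC event body for an incident that has just entered
    TRIGGER_STATUS. Any other transition returns None so nothing else is
    forwarded to ES (the status gate the brief describes)."""
    if incident.get("status") != TRIGGER_STATUS or incident.get("previous_status") == TRIGGER_STATUS:
        return None
    # Only a summary crosses platforms; the stable XDR id lets SOAR write status back later.
    return {
        "index": index,
        "sourcetype": "xdr:incident",   # hypothetical sourcetype for ES correlation searches
        "event": {
            "xdr_incident_id": incident["id"],
            "title": incident["title"],
            "severity": incident["severity"],
            "status": incident["status"],
            "asset_count": len(incident.get("assets", [])),
        },
    }

def hec_request(payload: dict, hec_host: str, hec_token: str) -> Tuple[str, dict, str]:
    """Return (url, headers, body) for HEC's /services/collector/event endpoint.
    Returned instead of sent so the example runs offline; the token is a placeholder."""
    url = f"https://{hec_host}:8088/services/collector/event"
    headers = {"Authorization": f"Splunk {hec_token}", "Content-Type": "application/json"}
    return url, headers, json.dumps(payload)

# Reverse direction: ES investigation status written back to XDR by a SOAR playbook.
ES_TO_XDR_STATUS = {              # hypothetical mapping; real status names vary per deployment
    "Investigating": "Open: In Progress",
    "Closed - True Positive": "Closed: Confirmed",
    "Closed - False Positive": "Closed: False Positive",
}

def status_for_xdr(es_status: str) -> Optional[str]:
    """Map an ES status to the XDR status the playbook sets; None means leave XDR untouched."""
    return ES_TO_XDR_STATUS.get(es_status)
```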
Why It Matters
which may affect the competitive landscape of multi-platform security tool collaboration....