Adding Observable to Casebook for Threat Analysis using Cisco SecureX Ribbon and Pivot Menu

Before you begin

Make sure that you obtain the client ID and client password to access the Cisco SecureX Ribbon and pivot menu widgets on your appliance. For more information, see Accessing the Cisco SecureX Ribbon.

Procedure

Step 1

Log in to the new web interface of your appliance. For more information, see Accessing the Web Interface.

Step 2

Navigate to the Email Reporting or Web Reporting page, click the pivot menu button next to the required observable (for example, bit.ly).

Perform the following:

  • Click button to add an observable to active case.

  • Click button to add the observable to new case.

Note
Use the pivot menu button to pivot an observable to other devices registered on the portal (for example, AMP for Endpoints) to investigate for threat analysis.
Step 3

Hover over icon and click button to open the Casebook. Check whether the observable is added to a new or an existing case.

Step 4

(Optional) Click button to add a title, description, or notes to the Casebook.

Note
You can search for observables for threat analysis in two different ways:

  • Click the Enrichment search box from the Cisco SecureX Ribbon and search for the observables.

  • Click the Casebook icon inside the Cisco SecureX Ribbon and search for the observables in the search field.

For more information on Cisco SecureX Ribbon, see https://securex.us.security.cisco.com/help/ribbon.