Unmasking Attacks With Cisco XDR at the GovWare SOC
During GovWare, Cisco XDR detected 39 incidents. The SOC team conducted analysis and response actions, and reported critical incidents to the GovWare NOC.
All Blogs
Splunk SOAR in Action at the GovWare: Zero-Touch Clear Text Password Response
At GovWare 2025, the SOC team combined ES with Splunk SOAR to fully automate and track the incident response process.
GovWare Captive Portal: (Splash Page)
Cisco provided a splash page for GovWare 2025, a click-through captive portal. Learn how the team did it.
SOC in a Box Hardware Refresh
Learn about the "SOC in a Box" hardware refresh the team deployed for GovWare 2025.
Monitoring Encrypted Client Hello (ECH) With Cisco Secure Firewall
At GovWare 2025, the SOC team observed ECH activity. Learn more about this and how it impacted security.
Cisco XDR Agentic AI With Cisco’s Foundational AI Model
At GovWare, we showcased a proof of concept built on Cisco's Foundation AI model on Hugging Face.
Guardians of GovWare: Real-Time Threat Detection With Cisco Secure Access
Secure Access served as the primary method of securing DNS-layer traffic for the GovWare 2025 Security Operations Centre (SOC).
Hunting the Suspicious Network Activity at GovWare 2025 Using Splunk
Learn how the SOC team conducted threat hunts using Splunk at GovWare.
Apple Content Caching to Conserve Network Bandwidth
At GovWare in 2025, the SOC team noticed that Apple updates consumed a large portion of network bandwidth.