Cisco Threat Response is built upon a collection of APIs; which can be used to integrate your Cisco and third-party security products, automate the incident response process and manage threat intelligence and security context data in a single location. Over the next few months, our team will be working with ecosystems partners who already integrate with Cisco Threat Grid, Cisco AMP for Endpoints and Cisco Umbrella, to also integrate with Threat Response. Our priority will be providing engineering expertise to our Threat Intelligence, SIEM and SOAR partners; however, we support an open integration ecosystem.

Some of the things you can do now with the Threat Response API include:

  • Enrich an IP address, or file hash
  • Load threat intelligence into your Private Intel Store
  • Manage your casebooks and investigation snapshots
  • Automate response actions
  • Provide a link for users to click and Investigate an alert or observable

You can find the API documentation here.

Threat Response Integration Scripts

The first three open-source integration examples, by Michael Auger, are available on the Cisco Security GitHub repository.

You can gitter to join the chat with a Cisco engineer about this script and others. Look for more open-source scripts to be coming soon. To learn more about Threat Response, visit our product page.

Want to keep up to date on Cisco Threat Response? Now you can! Subscribe here to receive alerts every time a new blog is posted.


Jessica Bair

Director, Cisco Secure Strategic Alliances

Advanced Threat Solutions