Cisco Security Cloud

3 min read

A new analyst shares their Cisco Live SOC experience, covering quick onboarding, using Cisco XDR and Endace for incident investigation, and building confidence in threat response.

2 min read

Windows clients expose Active Directory DNS queries on public Wi-Fi, risking OSINT and credential leaks. Learn from Cisco Live SOC observations how to protect clients with VPNs .

4 min read

Learn how Cisco Live SOC uses Splunk SPL and Endace PCAP to investigate exposed HTTP authentication and Kerberos activity, securing sensitive data on public Wi-Fi networks.

4 min read

Cisco Security and Splunk protected Cisco Live Melbourne 2025 in the Security Operations Centre. Learn about the latest innovations for the SOC of the Future.

4 min read

Explore a Cisco TME's experience in the Cisco Live SOC, detailing efficient onboarding, incident escalation, and a real-world DDoS attack investigation and response.

2 min read

Splunk's coalesce function treats empty fields as non-null. Learn to use Splunk macros to convert empty strings to nulls for accurate data selection and reliable detections.

3 min read

Cisco Live SOC adapted Splunk ESCU detections for Cisco Secure Firewall syslog. Learn to modify macros and promote EVE events to incidents for enhanced threat visibility and response.

3 min read

SOC teams need more evidence for deep investigations. Learn how Cisco XDR Forensics provides rich, interactive data to trace complex attacks and uncover malicious content.

2 min read

Learn how Cisco XDR integrates with StealthMole for real-time dark web threat intelligence, enabling SOC teams to rapidly identify and respond to compromised credentials.