Re: XDR Microsoft Windows Endpoint Target

TomML · ‎10-09-2024

Is there any additional documentation (blogs, webinars, etc) beyond Microsoft Windows Endpoint Target (cisco.com) on how to set up a Windows Endpoint target in XDR? Is it possible to target internal endpoints? I am under the impression that it would require the use of a Remote appliance, like a HTTP Endpoint, but that's not an option.

Thanks!

Ken Stieers · ‎10-09-2024

Are you asking for an on-prem target for NVM??

There isnt an on prem option for XDR. Its all cloud.

TomML · ‎10-10-2024

Tracking the XDR option/profile for NVM but looking for more guidance on configuring a Microsoft Windows Endpoint Target. Guessing it needs a public IP address?

Ken Stieers · ‎10-10-2024

That target is for the "Automate", aka the Orchestration engine that you can use to do automation tasks/response tasks, etc...

That's got nothing to do with NVM ("Network Visibility Monitoring"). NVM is the client piece that grabs netflow for all processes that communicate over the network and sends it to the cloud.
For XDR you can only use the supplied "NVM Cloud Default Profile".

If you need an Automate Target, it has to be accessible from their cloud... or if its on-prem, and can be HTTP or Terminal access, you can deploy a "Remote" (in XDR under Automate/Advanced/Remotes).

XDR Microsoft Windows Endpoint Target

Cisco ISE and Microsoft Windows Autopilot

Doc - Amenazas con Cisco XDR: Estrategias Avanzadas de Threat Hunting

Troubleshoot XDR Device Insights and Secure Endpoint Integration

Cisco ISE with Microsoft Cloud PKI

思科 XDR 产品手册 2025 年 3 月