Threat Response integrates with Cisco's Web Security Appliance (WSA) to provide visibility into web-bourne threats. By adding a Web Security or SMA Web module to Threat Response, investigators will be able to search for domains, URLs, and file hashes that have been recorded by your WSA, or by your SMA managing WSA devices.
Threat Response integrates with Cisco Web Security in one of two ways: Directly from the WSA, or via an SMA. Each has its own module, but either will bring web visibility into your investigations performed in Threat Response.
Both modules (WSA and SMA Web) are enrichment modules. The WSA and/or SMA modules allows investigators to take actions such as searching web traffic records across data from either one WSA (SA module) or all WSAs connected to the SMA (SMA module). Multiple WSA modules may be configured, if the user has multiple WSAs but no SMA.
For a guided step by step walkthrough on how to quickly configure these products to work with Threat Response, view the related topics in the in-product help in the Threat Response portal.
Learn more about Threat Response here, or check out other FAQs here.