SOC Analyst at an educational organization with 501-1,000 employees
Real User
Top 20
2025-04-14T15:47:21Z
Apr 14, 2025
An issue that we have with Cisco XDR is the observable list. These observables are basically similar to a chess board where you have a certain number of spots to put pieces. It's the same concept when we're doing investigations. We're only allowed 2,000 characters and up to 1,000 observables when we do investigations. If we have a list of domains we need to block, such as 4,000 domains, I can only block 100 domains at a time because if I put in more than 100 domains, I hit that 2,000 character max and can't continue with an investigation. Being able to put in all 4,000 domains, without a character limit or observable limit, would make doing those case books a whole lot easier and blocking those domains a whole lot easier too.
One area that needs improvement is the limited visibility due to the licensing structure. For more visibility, customers need the advantage or premier licensing, which involves additional costs. Competitors offer more visibility without any additional licensing, which is a significant drawback for Cisco.
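The batching problem the review describes (a list of several thousand domains that must be fed into investigations that accept at most 2,000 characters and 1,000 observables each) can be handled by packing the list into the largest batches that respect both limits rather than counting out 100 at a time by hand. The following is an added example, not Cisco code and not the reviewer's own tooling; the 2,000-character and 1,000-observable figures are the ones quoted above, while the assumption that the product counts the observables as newline-separated text, and the `host0000.example.invalid` sample domains, are constructed for the demonstration.

```python
"""Pack a large observable list into batches that respect a per-investigation
character budget and observable-count cap.

Added example; not Cisco XDR code. The limits below are the figures quoted in
the review. How the product counts characters is an assumption: here the
observables are treated as pasted one per line, so the count is the length of
the newline-joined batch.
"""
from typing import Iterable, List

MAX_CHARS = 2000        # character budget quoted in the review
MAX_OBSERVABLES = 1000  # observable cap quoted in the review
SEPARATOR = "\n"        # assumption: observables are pasted one per line


def normalize_domains(domains: Iterable[str]) -> List[str]:
    """Lower-case, strip whitespace and trailing dots, and drop duplicates
    while preserving order, so duplicates do not waste the character budget."""
    seen = set()
    out: List[str] = []
    for d in domains:
        d = d.strip().lower().rstrip(".")
        if d and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def batch_observables(observables: Iterable[str],
                      max_chars: int = MAX_CHARS,
                      max_count: int = MAX_OBSERVABLES,
                      sep: str = SEPARATOR) -> List[List[str]]:
    """Greedily pack observables into batches, preserving order.

    Every batch satisfies len(sep.join(batch)) <= max_chars and
    len(batch) <= max_count. An observable that cannot fit even on its own
    raises ValueError instead of being silently dropped.
    """
    batches: List[List[str]] = []
    current: List[str] = []
    current_len = 0  # length of sep.join(current)
    for obs in observables:
        obs = obs.strip()
        if not obs:
            continue
        if len(obs) > max_chars:
            raise ValueError(f"observable longer than budget: {obs[:40]}...")
        # Appending costs the observable plus one separator if the batch is non-empty.
        added = len(obs) + (len(sep) if current else 0)
        if current and (current_len + added > max_chars or len(current) >= max_count):
            batches.append(current)
            current, current_len = [], 0
            added = len(obs)
        current.append(obs)
        current_len += added
    if current:
        batches.append(current)
    return batches


def to_paste_text(batch: List[str], sep: str = SEPARATOR) -> str:
    """Render one batch as the text that would be pasted into an investigation."""
    return sep.join(batch)


def make_sample_domains(n: int) -> List[str]:
    """Constructed sample input: n synthetic domains under the reserved .invalid TLD."""
    return [f"host{i:04d}.example.invalid" for i in range(n)]


if __name__ == "__main__":
    domains = normalize_domains(make_sample_domains(4000))
    batches = batch_observables(domains)
    print(f"{len(domains)} domains -> {len(batches)} batches")
    for i, b in enumerate(batches[:3], 1):
        print(f"batch {i}: {len(b)} observables, {len(to_paste_text(b))} chars")
```

With the constructed 24-character sample domains the packer produces 50 batches of 80 domains (1,999 characters each), and every observable appears exactly once. Shorter domains pack more densely; the character limit, not the 1,000-observable cap, is the binding constraint for realistic domain lengths, which matches the reviewer's experience of running out of characters first.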
Network Security Specialist at a government with 1,001-5,000 employees
Real User
Top 5
2025-02-18T14:16:56Z
Feb 18, 2025
They need to provide better pricing and bundle XDR licenses with products like Meraki solutions or Firepower Threat Defense. Offering some free XDR licenses for testing features, similar to VPN licenses, could have a significant impact on costs.
Extended Detection and Response (XDR) is an advanced security solution offering more comprehensive threat detection and response by integrating multiple security tools into a unified platform.
XDR addresses the complexities of today's security landscape by providing greater visibility across networks, endpoints, and cloud environments. Utilizing machine learning and automation, it enables security teams to detect, investigate, and respond to threats faster and more efficiently.