SecureX Orchestration

Security workflow automation made easy.

What is orchestration?

Orchestration is a key feature of SecureX, the built-in platform experience included with Cisco Secure products. SecureX's no/low-code drag-and-drop interface makes process automation simple and helps SecOps, ITOps, and NetOps teams save critical working hours.


Investigate security events with machine-like speed using prebuilt and custom playbooks.


Integrate Cisco and third-party systems to expand your security toolbox.


Automate responses, reduce mean time to respond, and eliminate repetitive tasks.

Do more with SecureX orchestration

Our GitHub repository can help answer your orchestration questions. You'll find atomic actions, workflows, and other code that can be imported into SecureX, as well as videos and walk-throughs—everything you need to get started.

Our security platform approach

Cisco SecureX

SecureX is a cloud-native, built-in platform experience within our Cisco Secure portfolio.

Extended detection and response

SecureX provides the industry's broadest XDR with a built-in experience, not a bolted-on tool.

Start using SecureX orchestration

This workflow content library contains some of our most powerful prebuilt workflows that can immediately reduce repetitive tasks and give time back to your staff. You can choose from a number of actions and workflows in the GitHub library or build custom workflows if you have a more specific outcome in mind.

Workflow: Investigate phishing attacks
Description: With the new email event feature in SecureX orchestration, you can trigger a workflow whenever an email arrives in an inbox. In the video we show how our phishing investigation workflow can take an email submission and conduct an automated investigation.
Resources: Video demonstration; GitHub repository

Workflow: Investigate SolarWinds
Description: This video looks at a SecureX orchestration workflow that uses a Talos blog post as a source of intelligence to conduct an investigation into the SolarWinds supply chain attack within your environment.
Resources: Video demonstration; GitHub repository

Workflow: Optimize VPN capacity
Description: This workflow automatically monitors and provisions additional remote access VPN resources as mobile users increase. It's like having a NetOps analyst constantly watching and working for you.
Resources: Video demonstration; GitHub repository

Workflow: Simplify threat hunting
Description: This workflow parses a single Talos blog post and converts it into a SecureX casebook. In this ThreatWise TV episode, we show how the casebook can then be investigated with one click in SecureX threat response.
Resources: Video demonstration; GitHub repository

Workflow: Reimagine the firewall
Description: This workflow checks SecureX threat response every 10 minutes for incidents generated by Firepower impact level red events. If matching incidents are found, an investigation is performed to identify related observables, including endpoints, domains, file hashes, and users. After an investigation is complete, approval will be requested to perform automated remediation.
Resources: Video demonstration; GitHub repository
