# Cisco XDR Integration

**Step 1 - Create Webhook for Cisco XDR**

* Visit the **Webhooks** page in AIR,
* Click the "**+ New Webhook**" button in the upper right corner,
* Provide a self-explanatory name (examples: RDP Brute Force Trigger, Phishing Detected Trigger, etc.),
* Select "**Cisco XDR: Cisco XDR Webhook Parser**" as the parser for this webhook,
* Select an **Acquisition Profile** when Cisco XDR activates this webhook,
* Select the **Ignore** option or leave with its default value (defaults to 24 hours for recurrent alerts for a single endpoint),
* Provide other settings such as **Evidence Repository**, **CPU Limit**, **Compression & Encryption** to use or let AIR configure them automatically based on the matching policy
* Click the "**Save**" button.
* Copy the Webhook URL for Step 2.

**Step 2 - Setting up Cisco XDR**

* Go to **Automate** - **Targets**
* Click **New Target**.
* Select **HTTP Endpoint** in **Target Type**
* Enter a unique display name for the target in the **Display Name** field and a brief description in the **Description** field
* In the **HTTP** area, paste the Webhook URL you created in Step 1.
  * **Protocol** - Choose the appropriate protocol (HTTP or HTTPS)
  * **Host/IP Address** - Enter the hostname or IP address for the HTTP Endpoint.
  * **Port** - Enter the HTTP port number
  * **Path** - Enter the HTTP path
* Click **Submit** to add and save the target
* For more information, please refer to Product's [Documentation](https://docs.xdr.security.cisco.com/Content/Automate/about-automation.htm).