Cisco XDR Description
Cisco XDR is an extended detection and response platform that provides threat detection, investigation, and response capabilities across multiple security domains including network, endpoint, email, cloud, and identity. The platform incorporates network detection capabilities and uses AI to prioritize incidents and automate response actions.

The solution offers incident management workflows that guide analysts through investigation and remediation processes. It includes automated containment capabilities for critical alerts and can execute tailored investigation plans. The platform provides device and user inventory management for contextual awareness during investigations.

Cisco XDR integrates with third-party security tools including endpoint detection and response solutions, cloud and network security tools, and email security platforms. It supports integrations with CrowdStrike, Cybereason, Microsoft Defender, Palo Alto Networks, and SentinelOne among others.

The platform includes an AI Assistant that helps analysts make decisions and monitor threats such as ransomware and endpoint compromises. It provides MITRE ATT&CK coverage mapping and detailed forensics capabilities. The solution offers snapshot backup and restoration features for recovering from attacks.

Cisco XDR is available in three licensing tiers: Essentials with built-in Cisco integrations, Advantage with third-party integrations, and Premier as a managed service with penetration testing and incident response services.
Cisco XDR FAQ
Common questions about Cisco XDR including features, pricing, alternatives, and user reviews.
Cisco XDR is an XDR platform, developed by Cisco, with AI-driven threat detection across network, endpoint, email, and cloud. It is a Security Operations solution designed to help security teams with MITRE ATT&CK.
