https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4009303#M3210 <P>Hello,</P><P>&nbsp;</P><P>I have Cisco AMP for Endpoints. It is a new installation.&nbsp;</P><P>I would like to ask if there is a possibility to change the data retention setting.&nbsp;</P><P>I would like to have data for more than 30 days.&nbsp;</P><P>&nbsp;</P><P>Is there any option to send data to a Syslog server?</P><P>&nbsp;</P><P>Thanks and regards,&nbsp;</P><P>Konstantinos</P> Fri, 21 Feb 2020 05:12:01 GMT kostasthedelegate 2020-02-21T05:12:01Z https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4009303#M3210 <P>Hello,</P><P>&nbsp;</P><P>I have Cisco AMP for Endpoints. It is a new installation.&nbsp;</P><P>I would like to ask if there is a possibility to change the data retention setting.&nbsp;</P><P>I would like to have data for more than 30 days.&nbsp;</P><P>&nbsp;</P><P>Is there any option to send data to a Syslog server?</P><P>&nbsp;</P><P>Thanks and regards,&nbsp;</P><P>Konstantinos</P> Fri, 21 Feb 2020 05:12:01 GMT https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4009303#M3210 kostasthedelegate 2020-02-21T05:12:01Z https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4010981#M3226 Hello,<BR />Any ideas? Tue, 14 Jan 2020 06:48:39 GMT https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4010981#M3226 kostasthedelegate 2020-01-14T06:48:39Z https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4011068#M3234 <P>Hi,</P> <P>If you need to have more than 30 days of Events you can always consider to use the AMP API:<BR /><A href="https://api-docs.amp.cisco.com/api_resources?api_host=api.eu.amp.cisco.com&amp;api_version=v1" target="_blank">https://api-docs.amp.cisco.com/api_resources?api_host=api.eu.amp.cisco.com&amp;api_version=v1</A><BR />Event section will be the one, which you can use on your SIEM system. There is even special Splunk extension for the Cisco AMP console which gathers such data:<BR /><A href="https://splunkbase.splunk.com/app/3670/" target="_blank">https://splunkbase.splunk.com/app/3670/</A></P> <P>Regular syslog is not possible.</P> <P>Hope that helps,<BR />Wojciech</P> Tue, 14 Jan 2020 09:49:34 GMT https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4011068#M3234 Wojciech Cecot 2020-01-14T09:49:34Z https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4011107#M3241 Hello Wojciech,<BR /><BR />Thank you for your answer.<BR />Because I am not aware of the API calls. is there any guide, that could be used?<BR />Especially, I would like to find compatibilities with SIEM systems.<BR /><BR />Regards,<BR />Konstantinos Tue, 14 Jan 2020 11:00:51 GMT https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4011107#M3241 kostasthedelegate 2020-01-14T11:00:51Z https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4012831#M3245 A new resource for third party integrations with AMP is now available:<BR /><BR /><A href="https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/AMP-endpoints-partners-integrations.html#~third-party-integrations" target="_blank">https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/AMP-endpoints-partners-integrations.html#~third-party-integrations</A><BR /> Thu, 16 Jan 2020 17:06:58 GMT https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4012831#M3245 brmcmaho 2020-01-16T17:06:58Z https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4013471#M3249 <P>Thanks a lot!!</P><P>Will review it!!</P> Fri, 17 Jan 2020 14:23:37 GMT https://community.cisco.com/t5/endpoint-security/data-retention-and-syslog/m-p/4013471#M3249 kostasthedelegate 2020-01-17T14:23:37Z