topic Re: AMP Integrations to external sources? 💃 in Endpoint Security

AMP Integrations to external sources? 💃

John Pell — Tue, 22 Dec 2020 17:19:25 GMT

Can AMP share information with other 3rd party Threat Hunting capabilities? I am thinking of a use case where you would be integrating the data in to an in house application that correlates Threat data alongside the outputs from the likes of Talos etc.

💃

Re: AMP Integrations to external sources? 💃

jmarcel2 — Tue, 22 Dec 2020 19:21:29 GMT

HI John,

it is actually pretty easy to integrate AMP and his events into 3rd party tool for example SIEM tool using API calls. Integration using APIs is pretty easy and convenient. Thanks to the SIEM logic we have get rid of all known false positives and only relevant events are then inspected and sent to our ticketing system. In addition all AMP events coming to SIEM are also correlated with events from other security tools which gives us nice overview about what is going on in the network. This includes also data from CTR tool (which includes information from TALOS). l hope this help a bit 💃

Re: AMP Integrations to external sources? 💃

Ken Stieers — Tue, 22 Dec 2020 19:20:43 GMT

That's SecureX, specifically Threat Response

Its got integrations available to several souces of data, plus a generic one that you can make work with any that they don't have..

Re: AMP Integrations to external sources? 💃

rikaragoza — Thu, 07 Jan 2021 07:22:21 GMT

Thank you for the info! 💃