https://community.cisco.com/t5/endpoint-security/is-cisco-amp-support-integration-with-siem/m-p/4467253#M6395 <P>Is Cisco security support integration with any SIEM solution, if yes please update me with more details</P> Wed, 15 Sep 2021 20:50:48 GMT RafikWassef 2021-09-15T20:50:48Z https://community.cisco.com/t5/endpoint-security/is-cisco-amp-support-integration-with-siem/m-p/4467253#M6395 <P>Is Cisco security support integration with any SIEM solution, if yes please update me with more details</P> Wed, 15 Sep 2021 20:50:48 GMT https://community.cisco.com/t5/endpoint-security/is-cisco-amp-support-integration-with-siem/m-p/4467253#M6395 RafikWassef 2021-09-15T20:50:48Z https://community.cisco.com/t5/endpoint-security/is-cisco-amp-support-integration-with-siem/m-p/4467263#M6396 Various SEIM products have ways to get events from AMP, but AMP can't push the events.<BR /><BR />Logrhythm has a beat for their Open Collector to pull AMP events into the SEIM via the API. (its all based on elastic beats)<BR />I think Splunk and QRadar both have something similar. Here's Cisco Doc for splunk<BR /><A href="https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215973-amp-for-endpoints-integration-with-splun.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215973-amp-for-endpoints-integration-with-splun.html</A><BR /><BR />You may find some useful info and options in SecureX (dashboards/orchestration/incident managment/automated actions, etc.)<BR /><BR /> Wed, 15 Sep 2021 21:07:10 GMT https://community.cisco.com/t5/endpoint-security/is-cisco-amp-support-integration-with-siem/m-p/4467263#M6396 Ken Stieers 2021-09-15T21:07:10Z