topic CISCO Secure Endpoint Third Party Integration Recommendations in Endpoint Security https://community.cisco.com/t5/endpoint-security/cisco-secure-endpoint-third-party-integration-recommendations/m-p/4486929#M6440 <P>We have a client who is deploying CISCO Secure Endpoint across their organization and would like to forward critical and high alerts/notifications to our cybersecurity platform.&nbsp; We can support syslogs, custom logs or integration via a REST or other style of API.</P><P>&nbsp;</P><P>We are wondering if there is a recommended/preferred approach?&nbsp; We have been searching to find an answer and don't seem to be getting very far.&nbsp; If you have any suggestions, pointers to articles, presentations or documentation that would be greatly appreciate.</P> Fri, 15 Oct 2021 13:28:02 GMT ShoreSempai 2021-10-15T13:28:02Z CISCO Secure Endpoint Third Party Integration Recommendations https://community.cisco.com/t5/endpoint-security/cisco-secure-endpoint-third-party-integration-recommendations/m-p/4486929#M6440 <P>We have a client who is deploying CISCO Secure Endpoint across their organization and would like to forward critical and high alerts/notifications to our cybersecurity platform.&nbsp; We can support syslogs, custom logs or integration via a REST or other style of API.</P><P>&nbsp;</P><P>We are wondering if there is a recommended/preferred approach?&nbsp; We have been searching to find an answer and don't seem to be getting very far.&nbsp; If you have any suggestions, pointers to articles, presentations or documentation that would be greatly appreciate.</P> Fri, 15 Oct 2021 13:28:02 GMT https://community.cisco.com/t5/endpoint-security/cisco-secure-endpoint-third-party-integration-recommendations/m-p/4486929#M6440 ShoreSempai 2021-10-15T13:28:02Z Re: CISCO Secure Endpoint Third Party Integration Recommendations https://community.cisco.com/t5/endpoint-security/cisco-secure-endpoint-third-party-integration-recommendations/m-p/4486938#M6441 There is an API. API docs are here: <A href="https://api-docs.amp.cisco.com/" target="_blank">https://api-docs.amp.cisco.com/</A><BR />There's a whole developer site on Dev net here: <A href="https://developer.cisco.com/amp-for-endpoints/" target="_blank">https://developer.cisco.com/amp-for-endpoints/</A><BR />Depending upon your platform/SEIM, they may already have facilities to do the ingestion. Splunk surely does. Logrhythm does (OpenCollector, plus someone posted python -&gt; flatfile ingestion years ago...)<BR />Also this page: <A href="https://ciscosecurity-amp-00-integration-workflows.readthedocs-hosted.com/en/latest/amp/intro.html" target="_blank">https://ciscosecurity-amp-00-integration-workflows.readthedocs-hosted.com/en/latest/amp/intro.html</A><BR />Google "cisco amp api"... in the first 3 pages all of the big players pop up.<BR /><BR /> Fri, 15 Oct 2021 13:44:35 GMT https://community.cisco.com/t5/endpoint-security/cisco-secure-endpoint-third-party-integration-recommendations/m-p/4486938#M6441 Ken Stieers 2021-10-15T13:44:35Z