Beginner

Cisco AMP API - Initiate Scan?

Is there a way to initiate an endpoint scan with Cisco AMP from the API?

 

3 REPLIES
Cisco Employee

Re: Cisco AMP API - Initiate Scan?

There is currently no way to initiate a scan via the API.  Please have your Account Manager put in/add you to a Feature Request for that functionality.

 

Thanks,

Matt

Beginner

Re: Cisco AMP API - Initiate Scan?

That's embarrassing considering every other endpoint vendor has it.

Cisco Employee

Re: Cisco AMP API - Initiate Scan?

Well, it gets quite a bit less embarrassing when you consider that a triggered scan, after the initial install, is basically not necessary with AMP.  Because we're continually monitoring the activity on the endpoint, anything bad should get picked up. Stuff that initially passed muster and later is identified as malicious is handled by AMP's retrospection feature.

 

AMP does an initial scan at install time (by default) to pick up anything that was already lurking on the endpoint prior to AMP installation.  Once you've done that the first time, there is very little benefit in continually re-scanning clean files over and over.  All it really does is chew up system resources.

 

For customers who need to scan because of overly-restrictively-written policy requirements, scans can be scheduled via the admin console.  But we pretty much never recommend doing so unless you absolutely have to.

 

What's the scenario you have in mind for API-initiated scans?
