Beginner

Cisco AMP API - Initiate Scan?

Is there a way to initiate an endpoint scan with Cisco AMP from the API?

 

4 REPLIES
Cisco Employee

Re: Cisco AMP API - Initiate Scan?

There is currently no way to initiate a scan via the API.  Please have your Account Manager put in/add you to a Feature Request for that functionality.

 

Thanks,

Matt

Beginner

Re: Cisco AMP API - Initiate Scan?

That's embarrassing considering every other endpoint vendor has it.
Cisco Employee

Re: Cisco AMP API - Initiate Scan?

Well, it gets quite a bit less embarrassing when you consider that a triggered scan, after the initial install, is basically not necessary with AMP.  Because we're continually monitoring the activity on the endpoint, anything bad should get picked up. Stuff that initially passed muster and later is identified as malicious is handled by AMP's retrospection feature.

 

AMP does an initial scan at install time (by default) to pick up anything that was already lurking on the endpoint prior to AMP installation.  Once you've done that the first time, there is very little benefit in continually re-scanning clean files over and over.  All it really does is chew up system resources.

 

For customers who need to scan because of overly-restrictively-written policy requirements, scans can be scheduled via the admin console.  But we pretty much never recommend doing so unless you absolutely have to.

 

What's the scenario you have in mind for API-initiated scans?

Beginner

Re: Cisco AMP API - Initiate Scan?

A good example could be the case of a failed quarantine. The malware was seen but not caught, whatever the reason is, so running a full scan will let us know that the endpoint is clean.
