11-05-2018 09:01 PM - edited 02-20-2020 09:06 PM
Hi Sir:
Does Endpoint AMP send syslog events or send the log by any method?
11-06-2018 03:02 AM
Hello,
The AMP agent sends events to the AMP console, for further details. The typical syslog is not paired in any way with the AMP agent. If Security Operation wants such output, they need to use the API. With the REST API you are able to pull data, or run them regularly using e.g. cron jobs.
Hope that answers your question
David
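An added example, not part of the original reply and not Cisco code: a sketch of the pull-then-forward step described above, turning one pulled API response into RFC 5424 syslog lines and skipping events already sent on an earlier cron run. The response field names, the `amp-pull` app name and the sample data are assumptions constructed for illustration; the HTTP request itself is left out.

```python
import json
from datetime import datetime, timezone

# Constructed sample response body. Field names are assumptions for
# illustration; map them to what the API actually returns.
SAMPLE_BODY = json.dumps({"data": [
    {"id": 1002, "timestamp": 1541473380, "event_type": "Threat Detected",
     "severity": "High", "computer": {"hostname": "WS 0042"}},
    {"id": 1001, "timestamp": 1541473320, "event_type": "Scan Completed",
     "computer": {"hostname": "WS-0007"}},
]})

SYSLOG_SEVERITY = {"Critical": 2, "High": 3, "Medium": 4, "Low": 5}
FACILITY_LOCAL0 = 16


def to_syslog(event):
    """Render one event as an RFC 5424 line with a JSON message body."""
    sev = SYSLOG_SEVERITY.get(event.get("severity"), 6)  # default: informational
    pri = FACILITY_LOCAL0 * 8 + sev
    ts = datetime.fromtimestamp(event["timestamp"], tz=timezone.utc)
    stamp = ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    # Header fields may not contain spaces; "-" is the RFC 5424 nil value.
    host = "".join(event.get("computer", {}).get("hostname", "-").split()) or "-"
    # json.dumps escapes control characters, so a hostile field value
    # cannot inject a second syslog line.
    msg = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return f"<{pri}>1 {stamp} {host} amp-pull - {event['id']} - {msg}"


def forward_new(body, seen_ids, send):
    """Send events not seen on earlier runs, oldest first; return updated ids."""
    events = sorted(json.loads(body)["data"],
                    key=lambda e: (e["timestamp"], e["id"]))
    seen = set(seen_ids)
    for event in events:
        if event["id"] not in seen:
            send(to_syslog(event))
            seen.add(event["id"])
    return seen


if __name__ == "__main__":
    out = []
    seen = forward_new(SAMPLE_BODY, set(), out.append)
    forward_new(SAMPLE_BODY, seen, out.append)  # second cron run: nothing new
    print("\n".join(out))
```

In a cron job, `seen_ids` would be loaded from and saved to a state file between runs, and `send` would write to the local syslog daemon or a collector socket.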
11-06-2018 04:04 AM
I think this is what you need: Overview of the Cisco AMP for Endpoints API
11-07-2018 11:28 AM
Hi Peter,
Neil and Evgeny have an Endpoint Security Ask The Expert thread going right now. It has a good focus on AMP. You should try posting this question and others there!
Here is the link: https://community.cisco.com/t5/advanced-threats/ask-the-expert-endpoint-security-the-daunting-challenges-of-the/td-p/3736946
I may not be able to help much, but he can!
11-07-2018 06:21 PM
Hi Jefburke: