12-22-2020 09:17 AM - edited 12-22-2020 09:19 AM
Can AMP share information with other 3rd party Threat Hunting capabilities? I am thinking of a use case where you would be integrating the data into an in-house application that correlates Threat data alongside the outputs from the likes of Talos etc.
12-22-2020 11:16 AM - edited 12-22-2020 11:21 AM
Hi John,
It is actually pretty easy to integrate AMP and its events into a 3rd party tool, for example a SIEM tool, using API calls. Integration using APIs is pretty easy and convenient. Thanks to the SIEM logic we have gotten rid of all known false positives, and only relevant events are then inspected and sent to our ticketing system. In addition, all AMP events coming to the SIEM are also correlated with events from other security tools, which gives us a nice overview of what is going on in the network. This also includes data from the CTR tool (which includes information from TALOS). I hope this helps a bit.
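The workflow described in the reply above (AMP events pulled over the API, known false positives suppressed, the rest correlated with other tools before ticketing), sketched as an added example that is not part of the original post and is not Cisco code. The event field names, hostnames, hashes and the proxy feed are constructed assumptions, and no API call is made.

```python
from datetime import datetime, timedelta

# Constructed sample data. Field names follow the general shape of an AMP
# events API response ("data" list) but are assumptions for this example.
AMP_EVENTS = [
    {"id": 1, "date": "2020-12-22T10:00:05+00:00", "event_type": "Threat Detected",
     "computer": {"hostname": "ws-014"},
     "file": {"file_name": "invoice.exe", "identity": {"sha256": "aa" * 32}}},
    {"id": 2, "date": "2020-12-22T10:03:00+00:00", "event_type": "Threat Detected",
     "computer": {"hostname": "build-02"},
     "file": {"file_name": "packer.exe", "identity": {"sha256": "bb" * 32}}},
    {"id": 3, "date": "2020-12-22T10:07:30+00:00", "event_type": "Threat Quarantined",
     "computer": {"hostname": "ws-020"},
     "file": {"file_name": "tool.dll", "identity": {"sha256": "cc" * 32}}},
]
# Constructed events from a second (hypothetical) tool, e.g. a proxy log.
OTHER_EVENTS = [
    {"source": "proxy", "hostname": "ws-014", "date": "2020-12-22T09:58:40+00:00",
     "detail": "download blocked category=malware"},
    {"source": "proxy", "hostname": "ws-020", "date": "2020-12-22T08:00:00+00:00",
     "detail": "policy warning"},
]
# Hashes triaged earlier as known false positives (constructed).
KNOWN_FALSE_POSITIVES = {"bb" * 32}

def triage(amp_events, other_events, suppressed, window=timedelta(minutes=5)):
    """Drop suppressed detections, then attach events from other tools that
    hit the same host within `window` of the AMP event."""
    tickets = []
    for ev in amp_events:
        sha256 = ev.get("file", {}).get("identity", {}).get("sha256")
        if sha256 in suppressed:
            continue  # known false positive: never reaches the ticket queue
        host = ev["computer"]["hostname"].lower()
        when = datetime.fromisoformat(ev["date"])
        related = [o for o in other_events
                   if o["hostname"].lower() == host
                   and abs(datetime.fromisoformat(o["date"]) - when) <= window]
        tickets.append({"amp_event_id": ev["id"], "host": host,
                        "event_type": ev["event_type"], "sha256": sha256,
                        "related": related,
                        "priority": "high" if related else "normal"})
    return tickets

if __name__ == "__main__":
    for t in triage(AMP_EVENTS, OTHER_EVENTS, KNOWN_FALSE_POSITIVES):
        print(t["amp_event_id"], t["host"], t["priority"], len(t["related"]))
```

Suppressing by file hash keeps the false-positive list independent of hostnames and file paths, and each suppression should be recorded with who approved it and when, so that it can be reviewed later.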
01-06-2021 11:21 PM - edited 01-06-2021 11:22 PM
Thank you for the info!
12-22-2020 11:20 AM