Re: AMP retention and event types

kostasthedelegate · ‎06-25-2021

Hello,

I would like to ask two questions for AMP

The logs are stored foe 30 days right? How could I extend this interval?

How could I see if it logs event types like malware activities and start stop of the service?

Thanks and regards,

Konstantinos

kostasthedelegate · ‎06-28-2021

Are there any thoughts especially on the event types the logs contain?

Ken Stieers · ‎06-29-2021

Looking at the event types listed in the events dashboard, I don't see any for Service Stopped or Service Started.

There are many event types for the various types of detection...

Page 38 of the deployment guide lists them:

https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20Deployment%20Strategy.pdf

As does the help, https://console.amp.cisco.com/help/en/wwhelp/wwhimpl/js/html/wwhelp.htm

Under "Threat Descriptions"

To extend past 30 days, you'll need to implement something like a SEIM or other log collection to download them via the API...

AMP retention and event types

Redes na prática: OSPF – LSDB & LSA (Type 1, 2 & 3)

Cisco ISE Overview & Strategic Insights

May & June 2025 - EMEA Expert Insights Series

ACI & NDI Expert Insight Series

Re: Understanding BGP Best Path Selection & Manipulation