
AMP retention and event types

Hello, 

I would like to ask two questions about AMP.

The logs are stored for 30 days, right? How could I extend this interval?

How could I see if it logs event types like malware activities and the start/stop of the service?


Thanks and regards, 

Konstantinos

2 Replies

Are there any thoughts especially on the event types the logs contain?

Looking at the event types listed in the events dashboard, I don't see any for Service Stopped or Service Started.



There are many event types for the various types of detection...

Page 38 of the deployment guide lists them:

https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20Deployment%20Strategy.pdf

As does the help, https://console.amp.cisco.com/help/en/wwhelp/wwhimpl/js/html/wwhelp.htm

Under "Threat Descriptions"



To extend past 30 days, you'll need to implement something like a SIEM or other log collection to download them via the API...
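To make the "download them via the API" step in the reply above concrete, here is an added example (not from this thread and not Cisco's own code): a small Python collector that walks the paged v1 events endpoint, follows the `next` link, dedupes by event id so overlapping windows on successive runs do not duplicate records, and appends the results to a JSON-lines file that a SIEM or log collector can ingest. The API host, endpoint path, field names (`data`, `metadata.links.next`, `id`, `date`, `event_type`), query parameters (`start_date`, `event_type[]`) and the Basic-auth scheme are written from the public API documentation as I understand it and should be treated as assumptions to check against the current docs. The two response pages are constructed sample data, arranged so that one event appears on both pages.

```python
import base64
import json
import urllib.parse
import urllib.request
from typing import Callable, Dict, Iterable, List, Optional, Set

Page = Dict[str, object]
FetchPage = Callable[[str], Page]

# Assumed host for the North American cloud; EU and APJC tenants use other hosts.
API_BASE = "https://api.amp.cisco.com/v1"


def build_events_url(start_date: Optional[str] = None,
                     event_types: Iterable[int] = (), limit: int = 500) -> str:
    """First-page URL. start_date is ISO-8601; event_types are numeric
    event_type_id values from the docs (assumed parameter names)."""
    params = [("limit", str(limit))]
    if start_date:
        params.append(("start_date", start_date))
    params.extend(("event_type[]", str(t)) for t in event_types)
    return f"{API_BASE}/events?" + urllib.parse.urlencode(params)


def make_http_fetcher(client_id: str, api_key: str, timeout: int = 30) -> FetchPage:
    """Fetcher using HTTP Basic auth with the API client ID and key (assumed scheme)."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()

    def fetch(url: str) -> Page:
        req = urllib.request.Request(
            url, headers={"Authorization": f"Basic {token}", "Accept": "application/json"})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.loads(resp.read().decode("utf-8"))
    return fetch


def iter_events(fetch: FetchPage, first_url: str, max_pages: int = 10_000) -> Iterable[dict]:
    """Yield events page by page, following metadata.links.next until it is absent.
    max_pages is a guard against a 'next' link that never terminates."""
    url: Optional[str] = first_url
    pages = 0
    while url and pages < max_pages:
        page = fetch(url)
        yield from page.get("data", [])
        url = page.get("metadata", {}).get("links", {}).get("next")
        pages += 1


def collect_events(fetch: FetchPage, first_url: str, seen_ids: Set[int]) -> List[dict]:
    """Return events whose id is not yet in seen_ids (updated in place), oldest first.
    Deduping by id keeps the archive clean when a window is re-pulled or an event
    straddles two pages."""
    fresh = []
    for ev in iter_events(fetch, first_url):
        eid = ev.get("id")
        if eid is None or eid in seen_ids:
            continue
        seen_ids.add(eid)
        fresh.append(ev)
    fresh.sort(key=lambda e: str(e.get("date", "")))
    return fresh


def append_jsonl(events: List[dict], path: str) -> int:
    """Append one JSON record per line (the shape most SIEM file inputs accept)."""
    with open(path, "a", encoding="utf-8") as fh:
        for ev in events:
            fh.write(json.dumps(ev, sort_keys=True) + "\n")
    return len(events)


def count_by_type(events: Iterable[dict]) -> Dict[str, int]:
    """Tally by event_type string, to see which types the archive actually holds."""
    counts: Dict[str, int] = {}
    for ev in events:
        key = str(ev.get("event_type", "unknown"))
        counts[key] = counts.get(key, 0) + 1
    return counts


# Constructed two-page response set standing in for the live API. Event 2 is
# deliberately present on both pages to exercise the deduplication path.
_P1 = API_BASE + "/events?limit=2"
_P2 = API_BASE + "/events?limit=2&offset=2"
SAMPLE_PAGES: Dict[str, Page] = {
    _P1: {"data": [
            {"id": 1, "date": "2023-01-10T08:00:00+00:00", "event_type": "Threat Detected"},
            {"id": 2, "date": "2023-01-10T08:00:05+00:00", "event_type": "Threat Quarantined"}],
          "metadata": {"links": {"self": _P1, "next": _P2}}},
    _P2: {"data": [
            {"id": 2, "date": "2023-01-10T08:00:05+00:00", "event_type": "Threat Quarantined"},
            {"id": 3, "date": "2023-01-11T12:30:00+00:00", "event_type": "Policy Update"}],
          "metadata": {"links": {"self": _P2}}},
}


def sample_run(seen_ids: Optional[Set[int]] = None) -> List[dict]:
    """Walk the constructed pages exactly as collect_events would walk the live API."""
    return collect_events(SAMPLE_PAGES.__getitem__, _P1, seen_ids if seen_ids is not None else set())


if __name__ == "__main__":
    events = sample_run()
    print(len(events), "events;", count_by_type(events))
    # Live use: fetch = make_http_fetcher(CLIENT_ID, API_KEY)
    #           events = collect_events(fetch, build_events_url(start_date="2023-01-01T00:00:00Z"), seen)
    #           append_jsonl(events, "amp-events.jsonl")
```

Run it on a schedule (cron or a scheduled task) with a `start_date` slightly earlier than the last successful pull and a persisted `seen_ids` set; the overlap costs nothing because of the id-based dedupe, and the JSON-lines file is what you point the SIEM's file input at. The `count_by_type` tally is a quick way to answer the second question empirically: it shows which event type strings your tenant actually emits over the pulled window.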



