AMP retention and event types

Hello,

I would like to ask two questions about AMP.

The logs are stored for 30 days, right? How could I extend this interval?

How could I see if it logs event types like malware activities and start/stop of the service?

Thanks and regards,

Konstantinos

2 Replies

Are there any thoughts especially on the event types the logs contain?

Looking at the event types listed in the events dashboard, I don't see any for Service Stopped or Service Started.

There are many event types for the various types of detection...

Page 38 of the deployment guide lists them:

https://docs.amp.cisco.com/en/SecureEndpoint/Secure%20Endpoint%20Deployment%20Strategy.pdf

As does the help, https://console.amp.cisco.com/help/en/wwhelp/wwhimpl/js/html/wwhelp.htm

Under "Threat Descriptions"

To extend past 30 days, you'll need to implement something like a SIEM or other log collection to download them via the API...
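The reply above points at the API as the way to keep events longer than the console's 30-day window. Below is an added example of what such a collector looks like, written for this thread rather than taken from Cisco or from the original posts. It assumes the Secure Endpoint (AMP) REST API as generally documented: base URL https://api.amp.cisco.com/v1 (other regional clouds use different hosts), HTTP Basic authentication with the API client ID and key, a GET /v1/events endpoint that accepts start_date, event_type[] and limit, and a response body with a data array plus a metadata.links.next link for the following page. The event type names "Threat Detected" and "Threat Quarantined", and every value in the two sample pages, are assumed or invented for the example; check them against the API reference and the "Threat Descriptions" help section before relying on them.

```python
"""Pull Secure Endpoint (AMP) events over the REST API and flatten them to
newline-delimited JSON for a SIEM or file store, so retention no longer
depends on the console's 30-day window. Example code for this thread,
not Cisco's. Endpoint shape and field names are assumptions to verify
against the Secure Endpoint API reference."""
import base64
import json
from datetime import datetime, timezone
from typing import Callable, Dict, Iterable, List, Optional, Tuple
from urllib.parse import urlencode

API_BASE = "https://api.amp.cisco.com/v1"  # assumption: North American cloud


def auth_header(client_id: str, api_key: str) -> Dict[str, str]:
    """HTTP Basic header built from the API credentials made in the console."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def events_url(start: datetime, event_types: Iterable[str] = (), limit: int = 500) -> str:
    """First-page URL; later pages are taken from metadata.links.next.
    `start` must be timezone-aware; it is sent as ISO 8601 in UTC."""
    start = start.astimezone(timezone.utc).replace(microsecond=0)
    params: List[Tuple[str, str]] = [
        ("start_date", start.isoformat().replace("+00:00", "Z")),
        ("limit", str(limit)),
    ]
    params += [("event_type[]", t) for t in event_types]  # assumed parameter name
    return f"{API_BASE}/events?{urlencode(params)}"


def parse_page(body: dict) -> Tuple[List[dict], Optional[str]]:
    """Split one decoded response into its events and the next-page link."""
    events = body.get("data", [])
    next_url = body.get("metadata", {}).get("links", {}).get("next")
    return events, next_url


def collect_events(first_url: str, fetch: Callable[[str], dict]) -> List[dict]:
    """Follow next links until none is returned, de-duplicating on event id.
    fetch(url) returns the decoded JSON body, so HTTP is injectable and the
    loop can be exercised offline. Offset pagination can repeat an event if
    new ones arrive mid-run, which is why ids are tracked."""
    seen = set()
    out: List[dict] = []
    url: Optional[str] = first_url
    while url:
        events, url = parse_page(fetch(url))
        for ev in events:
            if ev["id"] in seen:
                continue
            seen.add(ev["id"])
            out.append(ev)
    return out


def to_ndjson(events: Iterable[dict]) -> str:
    """One JSON object per line with the fields most worth keeping."""
    lines = []
    for ev in events:
        lines.append(json.dumps({
            "id": ev["id"],
            "date": ev.get("date"),
            "event_type": ev.get("event_type"),
            "hostname": ev.get("computer", {}).get("hostname"),
            "connector_guid": ev.get("connector_guid"),
            "detection": ev.get("detection"),
            "sha256": ev.get("file", {}).get("identity", {}).get("sha256"),
        }, sort_keys=True))
    return "\n".join(lines) + ("\n" if lines else "")


# Constructed sample pages standing in for two HTTP responses. Field names
# follow the assumed events endpoint shape; every value is invented.
FIRST_URL = events_url(datetime(2024, 1, 10, tzinfo=timezone.utc),
                       ("Threat Detected", "Threat Quarantined"), limit=2)
PAGE_2_URL = f"{API_BASE}/events?offset=2&limit=2"
_EV = {"connector_guid": "11111111-aaaa-4bbb-8ccc-000000000001",
       "computer": {"hostname": "ws-01"}, "detection": "W32.Example.Test",
       "file": {"identity": {"sha256": "ab" * 32}}}
SAMPLE_PAGES = {
    FIRST_URL: {
        "data": [
            {"id": 1001, "date": "2024-01-10T08:00:00+00:00", "event_type": "Threat Detected", **_EV},
            {"id": 1002, "date": "2024-01-10T08:05:00+00:00", "event_type": "Threat Quarantined", **_EV},
        ],
        "metadata": {"links": {"next": PAGE_2_URL}},
    },
    PAGE_2_URL: {
        "data": [  # 1002 repeats here on purpose to exercise de-duplication
            {"id": 1002, "date": "2024-01-10T08:05:00+00:00", "event_type": "Threat Quarantined", **_EV},
            {"id": 1003, "date": "2024-01-10T09:12:00+00:00", "event_type": "Threat Detected", **_EV},
        ],
        "metadata": {"links": {}},
    },
}


def run_offline() -> str:
    """Run the whole pipeline against the constructed pages."""
    return to_ndjson(collect_events(FIRST_URL, lambda url: SAMPLE_PAGES[url]))


if __name__ == "__main__":
    print(run_offline(), end="")
```

Against the live API the fetch callable would be something like a requests.get of the URL with auth_header(client_id, api_key) and a timeout, returning .json(); run it on a schedule with start_date set a little before the previous run's last event so a missed run does not leave a gap, and let the id check drop the overlap. The NDJSON output is what you append to a file or ship to the SIEM, which then owns retention.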