CISCO Secure Endpoint Third Party Integration Recommendations

ShoreSempai
Level 1

We have a client who is deploying CISCO Secure Endpoint across their organization and would like to forward critical and high alerts/notifications to our cybersecurity platform. We can support syslogs, custom logs or integration via a REST or other style of API.

We are wondering if there is a recommended/preferred approach? We have been searching to find an answer and don't seem to be getting very far. If you have any suggestions, pointers to articles, presentations or documentation, that would be greatly appreciated.

1 Reply

There is an API. API docs are here: https://api-docs.amp.cisco.com/
There's a whole developer site on DevNet here: https://developer.cisco.com/amp-for-endpoints/
Depending upon your platform/SIEM, they may already have facilities to do the ingestion. Splunk surely does. LogRhythm does (OpenCollector, plus someone posted python -> flatfile ingestion years ago...)
Also this page: https://ciscosecurity-amp-00-integration-workflows.readthedocs-hosted.com/en/latest/amp/intro.html
Google "cisco amp api"... in the first 3 pages all of the big players pop up.
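As an added example (not code from this thread or from Cisco), one way to do the API-to-syslog relay the question asks about: poll the `v1/events` endpoint described at the api-docs link above, keep only Critical and High events, and emit them as RFC 5424 syslog datagrams. The base URL, query parameters and event field names are assumptions taken from that documentation and should be checked against it; the sample events are constructed.

```python
import base64
import json
import socket
import urllib.parse
import urllib.request

API_HOST = "https://api.amp.cisco.com"   # assumed: North America cloud; EU/APJC use other hosts
SYSLOG_SEV = {"Critical": 2, "High": 3}  # severities to relay -> RFC 5424 crit / err
FACILITY = 16                            # local0

def fetch_events(client_id, api_key, start_date, limit=500):
    """GET /v1/events since start_date (ISO 8601); auth is HTTP Basic client_id:api_key."""
    query = urllib.parse.urlencode({"start_date": start_date, "limit": limit})
    req = urllib.request.Request(f"{API_HOST}/v1/events?{query}")
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp).get("data", [])

def select_forwardable(events):
    """Keep only events whose 'severity' is one we relay (Critical/High)."""
    return [e for e in events if e.get("severity") in SYSLOG_SEV]

def to_syslog(event, origin="secure-endpoint-bridge"):
    """Format one event as a single RFC 5424 line; 32473 is the RFC 5612 example enterprise id."""
    pri = FACILITY * 8 + SYSLOG_SEV[event["severity"]]
    host = event.get("computer", {}).get("hostname", "-")
    sd = (f'[amp@32473 id="{event["id"]}" type="{event["event_type"]}" '
          f'severity="{event["severity"]}" host="{host}"]')
    return f'<{pri}>1 {event["date"]} {origin} amp-bridge - - {sd} {event.get("detection", "-")}'

def forward(lines, dest=("127.0.0.1", 514)):
    """Send each formatted line as one UDP syslog datagram; returns the count sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            sock.sendto(line.encode(), dest)
    return len(lines)

SAMPLE_EVENTS = [  # constructed, shaped like v1/events 'data' entries; not real detections
    {"id": 1, "date": "2024-01-10T12:00:00+00:00", "event_type": "Threat Detected",
     "severity": "Critical", "detection": "W32.Constructed.Sample", "computer": {"hostname": "ws-01"}},
    {"id": 2, "date": "2024-01-10T12:05:00+00:00", "event_type": "Threat Quarantined",
     "severity": "Medium", "detection": "-", "computer": {"hostname": "ws-02"}},
    {"id": 3, "date": "2024-01-10T12:06:00+00:00", "event_type": "Cloud IOC",
     "severity": "High", "detection": "Constructed.IOC", "computer": {"hostname": "ws-03"}},
]

if __name__ == "__main__":
    print("\n".join(to_syslog(e) for e in select_forwardable(SAMPLE_EVENTS)))
```

In production, persist the last `date` seen and pass it as the next `start_date` so polling never drops or duplicates events.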
