We have a client who is deploying Cisco Secure Endpoint across their organization and would like to forward critical and high alerts/notifications to our cybersecurity platform. We can support syslogs, custom logs or integration via a REST or other style of API.
We are wondering if there is a recommended/preferred approach? We have been searching to find an answer and don't seem to be getting very far. If you have any suggestions, pointers to articles, presentations or documentation, that would be greatly appreciated.