01-10-2020 01:02 AM - edited 02-20-2020 09:12 PM
Hello,
I have Cisco AMP for Endpoints. It is a new installation.
I would like to ask if there is a possibility to change the data retention setting.
I would like to have data for more than 30 days.
Is there any option to send data to a Syslog server?
Thanks and regards,
Konstantinos
01-14-2020 01:49 AM
Hi,
If you need to have more than 30 days of Events, you can always consider using the AMP API:
https://api-docs.amp.cisco.com/api_resources?api_host=api.eu.amp.cisco.com&api_version=v1
The Events section will be the one you can use on your SIEM system. There is even a special Splunk extension for the Cisco AMP console which gathers such data:
https://splunkbase.splunk.com/app/3670/
Regular syslog is not possible.
Hope that helps,
Wojciech
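An added example (not Cisco's code and not part of the reply above) of the API route Wojciech describes: page through the v1 events endpoint and write each event as a syslog-style line that can be shipped to a SIEM or kept past the console's 30-day window. It assumes the EU API host from the docs link above, HTTP basic auth with client_id:api_key, `start_date`/`limit` query parameters, paging via `metadata.links.next`, and environment variables `AMP_CLIENT_ID`/`AMP_API_KEY`; check these against the API docs for your region.

```python
import base64
import json
import os
import sys
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Assumed region host (from the API docs link in the reply) and v1 events path.
API_HOST = "https://api.eu.amp.cisco.com"

def fetch_page(url, client_id, api_key):
    """GET one page of events using HTTP basic auth (client_id:api_key)."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = Request(url, headers={"Authorization": f"Basic {token}",
                                "Accept": "application/json"})
    with urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_events(first_url, get_page):
    """Yield events page by page, following metadata.links.next until absent."""
    url = first_url
    while url:
        page = get_page(url)
        yield from page.get("data", [])
        url = page.get("metadata", {}).get("links", {}).get("next")

def to_syslog_line(ev):
    """Flatten one event into an RFC 5424-style line (PRI 14 = user.info)."""
    host = ev.get("computer", {}).get("hostname", "-")
    return (f"<14>1 {ev.get('date', '-')} {host} amp4e - - - "
            f'event_type="{ev.get("event_type", "-")}" '
            f"event_type_id={ev.get('event_type_id', '-')} "
            f"connector_guid={ev.get('connector_guid', '-')} "
            f'detection="{ev.get("detection", "-")}"')

def archive_events(first_url, get_page, emit):
    """Write every event as one syslog line via emit(); return the count."""
    count = 0
    for ev in iter_events(first_url, get_page):
        emit(to_syslog_line(ev))
        count += 1
    return count

if __name__ == "__main__":
    # Pull the last day; run daily (e.g. cron) so the archive outlives 30 days.
    start = (datetime.now(timezone.utc) - timedelta(days=1)).strftime("%Y-%m-%dT%H:%M:%SZ")
    first = f"{API_HOST}/v1/events?{urlencode({'start_date': start, 'limit': 500})}"
    cid, key = os.environ["AMP_CLIENT_ID"], os.environ["AMP_API_KEY"]  # assumed names
    n = archive_events(first, lambda u: fetch_page(u, cid, key), print)
    print(f"archived {n} events", file=sys.stderr)
```

Pipe the stdout into your syslog collector (for example `logger` or a file watched by the SIEM agent) rather than relying on console retention.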
01-17-2020 06:23 AM
Thanks a lot!!
Will review it!!