11-07-2018 06:27 PM - edited 02-20-2020 09:06 PM
Hi Sir:
Does Endpoint AMP send syslog events? Or can AMP get any information by RESTful or API?
11-08-2018 02:07 AM
Hello,
Security Ops rely on the API to get e.g. syslog events. An API call would let you get the description of behavior indicators. You should be able to pull the name, title, description and lots of other indicator data from it.
Go into your dashboard if you do not yet have an API key and you can establish one under Accounts > API Credentials.
Cisco AMP has a GitHub source to start with the API.
https://github.com/CiscoSecurity/amp-01-basics
Or you can have a look at official documentation, as below:
https://api-docs.amp.cisco.com/
Regards
David
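A sketch of the approach described in the answer above, added as an example and not part of the original post or Cisco's own code: it builds a Basic-auth request for the events endpoint and renders each returned event as an RFC 5424 syslog line for a collector. The `/v1/events` URL on the North America cloud, the event field names, the `amp-api` app name and the sample event are assumptions; the sample event is constructed.

```python
import base64
import json
import urllib.request

API_URL = "https://api.amp.cisco.com/v1/events"  # assumed: North America cloud, API v1

def build_request(client_id, api_key, url=API_URL):
    """GET request with HTTP Basic auth: client ID as user, API key as password."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return urllib.request.Request(url, headers={
        "Authorization": f"Basic {token}",
        "Accept": "application/json",
    })

def fetch_events(client_id, api_key):
    """Return the 'data' list from one page of events (needs network access)."""
    with urllib.request.urlopen(build_request(client_id, api_key), timeout=30) as resp:
        return json.load(resp).get("data", [])

def _clean(value):
    """Drop control characters and double quotes so a field cannot forge a log line."""
    text = "".join(ch for ch in str(value) if ch.isprintable())
    return text.replace('"', "'")

def event_to_syslog(event, pri=14):
    """Render one event dict as an RFC 5424 line; pri 14 = facility user, severity info."""
    host = _clean(event.get("computer", {}).get("hostname", "-")).replace(" ", "_") or "-"
    ts = _clean(event.get("date", "-")) or "-"
    fields = {  # assumed field names in the event JSON
        "event_type": event.get("event_type", ""),
        "connector_guid": event.get("connector_guid", ""),
        "sha256": event.get("file", {}).get("identity", {}).get("sha256", ""),
    }
    msg = " ".join(f'{k}="{_clean(v)}"' for k, v in fields.items() if v)
    return f"<{pri}>1 {ts} {host} amp-api - {_clean(event.get('id', '-'))} - {msg}"

# Constructed sample event (not real data), shaped like one entry of the 'data' list.
SAMPLE_EVENT = {
    "id": 1000000000000000001,
    "date": "2018-11-08T02:07:00+00:00",
    "event_type": "Threat Detected",
    "connector_guid": "00000000-0000-0000-0000-000000000000",
    "computer": {"hostname": "DEMO-HOST"},
    "file": {"identity": {"sha256": "0" * 64}},
}

if __name__ == "__main__":
    print(event_to_syslog(SAMPLE_EVENT))
```

Keep the client ID and API key out of source control, for example by reading them from environment variables or a secrets store before calling `fetch_events`.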