Firepower Integration

evan.chadwick1 · ‎03-04-2020

Does Cisco Endpoint fully integrate directly to FMC (Firepower)?
Or does FMC only get intelligence from endpoint sent to Threat Grid and then down to FMC(Firepower)?

Want to know how much intelligence the endpoint can feed into the FMC.

Muhammad Awais Khan · ‎03-04-2020

Hi,

When we said integration of FMC with AMP4E, we are actually integration AMP for Network component in FMC to AMP4E. It give us following benefits and controls:

- Centralize Blacklist/Whitelist. Your AMP4E configured Whitelist/Black list policies in AMP4E will be pushed to FMC also

- Co related events. With the help of this integration, in FMC malware events, you will be getting lot of contextual information from AMP4E about the malware events, IOCs, Scans, cloud recalls.

With this integration, it is uni-directional transfer of polices and events from AMP4E to FMC

Reference:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/file_policies_and_advanced_malware_protection.html#id_96014

evan.chadwick1 · ‎04-14-2020

Thanks, I had a read of that link.
It does not state whether AMP4E has a direct channel to FMC.
I'm wondering if information is fed via Cloud channels instead?

Matthew Franks · ‎04-14-2020

The FMC/AMP events integration utilizes the AMP API. Additional information here:
https://api-docs.amp.cisco.com/

Thanks,

Matt