All AMP for Endpoints subscriptions include Cisco SecureX, which is built-in. SecureX is a cloud-native platform that turns your infrastructure into a fully integrated ecosystem, by aggregating capabilities across the Cisco Security portfolio as well as 3rd party tools. It’s designed to simplify your security environment, improve visibility and context, and maximize your team’s efficiency.
What can I do with SecureX?
Dashboard: Get visibility into key operational metrics across your security portfolio together with your AMP for Endpoints data.
Threat Response: Instead of having to log into multiple platforms to try and correlate information, Threat Response will take the observables you paste in and automatically correlate intelligence from various sources to help you visualize your environment.
Ribbon: Pivot and investigate faster with relevant context that you take with you as you move from the AMP for Endpoints user interface back to the platform. If you have AMP for Endpoints Advantage, you can query Orbital directly from the SecureX ribbon.
Orchestration (Beta): Improve your efficiency through automated workflows to cut down time spent on routine tasks. A drag-and-drop interface helps you combine actions across multiple products, even 3rd party products. For example, you could create a workflow to trigger a ServiceNow ticket each time you isolate a host.
How do I connect to SecureX?
Click here for a YouTube video with instructions, or follow the step-by-step instructions below.
After you log in to AMP for Endpoints, click the Ribbon on the bottom to expand it. Then, click Get SecureX.
As an existing AMP for Endpoints user, click the middle button to log in to SecureX.
You’re now on the SecureX home screen. Find AMP in the Available Integrations section and click Add.
Navigate back over to the AMP for Endpoints Console to generate the API Credential. Go to Accounts -> API Credentials, and click New API Credential.
Give the new API key Read & Write access. Click Create.
Navigate back to SecureX and paste the Client ID and API Key in.
You’re all set to start using SecureX!
What’s an example of SecureX in action?
In this example, we will show you how to do a threat hunt using SecureX Threat Response. IOC hashes that you obtain can be quickly searched in AMP for Endpoints with one click.
Log in to SecureX and launch Threat Response from either the Applications section or the Ribbon.
Copy the hashes that you want to search for in your environment.
Drop them directly into the Investigation box in Threat Response – no formatting required. Using Threat Response, we can search for hundreds of hashes at a time, instead of individually in the AMP console.
Click Investigate. SecureX performs the investigation by checking all of your Cisco Security modules to see what each of them knows about the observables. All results are displayed in the Relations Graph, with the relationships between the observables and any relevant data elements highlighted. This can include information such as parent files, URLs from which the observables originated, and endpoints that may have been impacted in your environment.
With SecureX, you can then take action on the endpoint directly from the Threat Response console, such as isolating the host. With Orchestration (Beta) enabled, you’ll be able to take even more complex workflows and turn them into one click from the console.
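A local pre-check for the hash hunt described above, as an added example that is not from the original page or from Cisco: it pulls hex strings out of unformatted report text, de-duplicates them, and separates well-formed MD5/SHA-1/SHA-256 values from runs whose length suggests they were cut off during copy. The function name, sample text and hash values are constructed for illustration.

```python
import hashlib
import re

# Hex digest lengths for the hash types commonly shared as IOCs.
HASH_TYPES = {32: "md5", 40: "sha1", 64: "sha256"}
# A standalone run of 16+ hex characters: long enough to be a hash or a damaged one.
HEX_RUN = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{16,}(?![0-9A-Fa-f])")


def triage_hashes(text):
    """Return (valid, suspect) for the hex runs found in free-form text.

    valid   -- dict of lowercase hash -> type, first-seen order, no duplicates
    suspect -- list of hex runs whose length matches no known digest size
    """
    valid, suspect = {}, []
    for match in HEX_RUN.finditer(text):
        token = match.group(0).lower()  # normalise case so duplicates collapse
        kind = HASH_TYPES.get(len(token))
        if kind:
            valid.setdefault(token, kind)
        elif token not in suspect:
            suspect.append(token)
    return valid, suspect


# Constructed sample values (digests of placeholder strings, not real IOCs).
H256 = hashlib.sha256(b"constructed-sample-1").hexdigest()
H1 = hashlib.sha1(b"constructed-sample-2").hexdigest()
HMD5 = "0123456789abcdef" * 2
SAMPLE = f"""Dropper: {H256.upper()}
payload sha1={H1}, md5 ({HMD5})
seen again: {H256}
cut off during copy: {H256[:61]}
"""

if __name__ == "__main__":
    valid, suspect = triage_hashes(SAMPLE)
    print("\n".join(valid))  # clean, de-duplicated list to paste
    for token in suspect:
        print(f"check source, {len(token)} hex chars: {token}")
```

A hash truncated to exactly 32 or 40 characters still passes the length check, so compare the reported type against what the source of the IOC stated.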