Overview
Cisco AMP (Advanced Malware Protection) for Endpoints provides next-generation endpoint protection, scanning files using a variety of antimalware technologies, including the Cisco antivirus engine. Follow the steps below to ingest its events into Seceon SIEM for comprehensive visibility and proactive threat detection in your environment.
Steps Of Configuration
Step 1. Navigate to Provisioning
...
Enter the name of the device.
Enter the CCE IP.
Enter the generated client ID in the Access ID/user name field and the client secret in the password/Secret Key field.
In the last field, add the following in valid JSON format: {"ciscoamp_api_domain": "domain_value"}
If you do not have a specific domain, use api.amp.cisco.com as the domain_value.
This needs to be added in the config section.
Click on the Save button.
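A pre-save check for the config field described above, as an added example that is not part of the Seceon or Cisco tooling. The function name and the rule that the value must be a bare hostname (no scheme or path) are assumptions made for this sketch; the sample strings are constructed.

```python
import json
import re

# Assumption: the value is a bare hostname (no scheme, port or path).
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)
DEFAULT_DOMAIN = "api.amp.cisco.com"  # default named in the steps above
# Placeholder strings that must be replaced, including a common misspelling.
PLACEHOLDERS = {"domain_value", "domian_value"}


def check_amp_config(raw):
    """Return a list of problems in the config field; an empty list means OK."""
    # Curly quotes pasted from documents are a frequent cause of invalid JSON.
    if any(ch in raw for ch in "\u201c\u201d\u2018\u2019"):
        return ["contains curly quotes; retype with plain double quotes"]
    try:
        cfg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} at column {exc.colno}"]
    if not isinstance(cfg, dict):
        return ["top level must be a JSON object"]
    domain = cfg.get("ciscoamp_api_domain")
    if not isinstance(domain, str):
        return ['missing string key "ciscoamp_api_domain"']
    if domain in PLACEHOLDERS:
        return [f"placeholder left in place; use {DEFAULT_DOMAIN} "
                "if you have no specific domain"]
    if "://" in domain or "/" in domain:
        return ["value must be a bare hostname, without scheme or path"]
    if not _HOST_RE.match(domain.lower()):
        return ["value is not a well-formed hostname"]
    return []


if __name__ == "__main__":
    # Constructed sample inputs covering the usual mistakes.
    samples = [
        '{"ciscoamp_api_domain": "api.amp.cisco.com"}',
        "{'ciscoamp_api_domain': 'api.amp.cisco.com'}",
        '{"ciscoamp_api_domain": "https://api.amp.cisco.com/"}',
        '{"ciscoamp_api_domain": "domain_value"}',
    ]
    for s in samples:
        print(s, "->", check_amp_config(s) or "OK")
```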
Check UI:
Verification
Go to the System tab and check that Cisco AMP is listed there.