Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.

Device Configuration: Cisco AMP

Overview

Cisco AMP (Advanced Malware Protection) for Endpoints provides next-generation endpoint protection, scanning files using a variety of antimalware technologies, including the Cisco antivirus engine. Follow the steps below to ingest its events into Seceon SIEM for comprehensive visibility and proactive threat detection in your environment.

Configuration Steps

Step 1. Navigate to Provisioning

Step 2. Expand the Add on devices drop-down.

Step 3. Fill in all the necessary details and save.


To add Cisco AMP support, follow the steps below.

  • Enter the name of the device.

  • Enter the CCE IP.

  • Enter the generated client ID in the Access ID/user name field and the client secret in the password/Secret Key field.

  • In the last field, add the following in valid JSON format: {"ciscoamp_api_domain": "domain_value"}

  • If you do not have a specific domain, use api.amp.cisco.com as domain_value.

    This needs to be added in the config section.

  • Click on the Save button.

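An added pre-flight check for the JSON field above (example code, not Seceon's or Cisco's): it parses the value before you paste it and reports common copy-paste mistakes. The key name comes from this page; the rule that the value is a bare hostname, as in api.amp.cisco.com, and the function name check_config_field are assumptions.

```python
import json
import re

REQUIRED_KEY = "ciscoamp_api_domain"  # key name as given on this page
# Assumption: the value is a bare DNS hostname, like api.amp.cisco.com.
HOSTNAME = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}", re.I)


def check_config_field(text):
    """Return a list of problems in the JSON config field (empty list = OK)."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # Typical causes: single or "smart" quotes, trailing commas.
        return [f"not valid JSON: {exc.msg} (position {exc.pos})"]
    if not isinstance(cfg, dict):
        return ["top-level value must be a JSON object"]
    if REQUIRED_KEY not in cfg:
        return [f"missing key {REQUIRED_KEY!r}; found {sorted(cfg)}"]
    value = cfg[REQUIRED_KEY]
    if not isinstance(value, str):
        return ["domain must be a JSON string"]
    if value == "domain_value":
        return ["placeholder domain_value was not replaced"]
    if "://" in value or "/" in value:
        return ["use a hostname only, without scheme or path"]
    if len(value) > 253 or not HOSTNAME.fullmatch(value):
        return [f"{value!r} is not a well-formed hostname"]
    return []


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    samples = [
        '{"ciscoamp_api_domain": "api.amp.cisco.com"}',
        "{'ciscoamp_api_domain': 'api.amp.cisco.com'}",
        '{"ciscoamp_api_domain": "https://api.amp.cisco.com/"}',
        '{"ciscoamp_api_domian": "api.amp.cisco.com"}',
    ]
    for s in samples:
        print(s, "->", check_config_field(s) or "OK")
```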
 

Verification

Go to the System tab and check that Cisco AMP is listed there.

Seceon Inc. All rights reserved. https://www.seceon.com