Cisco Secure Endpoint (formerly Cisco Advanced Malware Protection (AMP)) prevents, detects, and removes threats from computer systems. Threats can take the form of software viruses and other malware such as ransomware, worms, Trojans, spyware, adware, and fileless malware.
Creating an API Key for Cisco Secure Endpoint
Before configuring the Cisco AMP connector in Lucidum, you must first create an API Key. Lucidum will use the API key to access the Cisco Secure Endpoint API.
- Log in to the admin panel of Cisco AMP.
- Click the Accounts menu and choose Business Page.
- Click Edit.
- Under features, click the Regenerate… button beside “3rd Party API Access” to generate the client ID and secure API Key.
- View and copy the client ID and API key.
Configuring the Connector for Cisco Secure Endpoint
To configure Lucidum to ingest data from Cisco Secure Endpoint:
- Log in to Lucidum.
- In the left pane, click Connector.
- In the Connector page, click Add Connector.
- Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
- In the Settings page, enter the following:
  - URL (required). The URL of the API for Cisco Secure Endpoint. For example, https://api.amp.cisco.com.
  - Client ID (required). The client ID for a Cisco Secure Endpoint user account that has read access to API data. For details on creating a client, see https://developer.cisco.com/docs/secure-endpoint/#!overview/overview
  - API Key (required). The API Key for a Cisco Secure Endpoint user account that has read access to API data. For details on creating an API key, see https://developer.cisco.com/docs/secure-endpoint/#!overview/overview
- To test the configuration, click Test.
  - If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
  - If the connector is not configured correctly, Lucidum displays an error message.
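
The URL, client ID and API key can be checked directly against the API before they are entered on the Settings page. The script below is an added example, not Lucidum's or Cisco's code; it assumes API v1 accepts HTTP Basic authentication (client ID as user name, API key as password) and serves GET /v1/version, and the AMP_URL, AMP_CLIENT_ID and AMP_API_KEY variable names are hypothetical.

```bash
# Added example: pre-flight check of the values entered on the Lucidum Settings page.
# Assumption (not stated on this page): API v1 uses HTTP Basic auth with the
# client ID as user name and the API key as password, and serves GET /v1/version.

# Accept only a bare https:// origin: no embedded credentials, path, query,
# fragment or whitespace (a trailing slash is rejected as well).
validate_base_url() {
  case "$1" in
    https://*) ;;
    *) return 1 ;;
  esac
  local rest="${1#https://}"
  case "$rest" in
    ""|*@*|*/*|*\?*|*\#*|*[[:space:]]*) return 1 ;;
  esac
  return 0
}

# Map the HTTP status of the probe to an operator-facing verdict.
interpret_status() {
  case "$1" in
    200) echo "ok" ;;
    401) echo "bad-credentials" ;;
    403) echo "forbidden" ;;
    000) echo "unreachable" ;;
    *)   echo "unexpected-$1" ;;
  esac
}

# Probe the API. The secret is fed to curl on stdin (-K -), so it never
# appears in the process list or on a command line saved to shell history.
check_credentials() {
  local url="$1" id="$2" key="$3" code
  validate_base_url "$url" || { echo "invalid-url"; return 2; }
  code=$(printf 'user = "%s:%s"\n' "$id" "$key" |
    curl -sS -o /dev/null -w '%{http_code}' --max-time 15 -K - "$url/v1/version") || code=000
  interpret_status "$code"
}

# Runs only when both variables are exported, e.g. after `read -rs AMP_API_KEY`.
if [ -n "${AMP_CLIENT_ID:-}" ] && [ -n "${AMP_API_KEY:-}" ]; then
  check_credentials "${AMP_URL:-https://api.amp.cisco.com}" "$AMP_CLIENT_ID" "$AMP_API_KEY"
fi
```

A verdict of `ok` confirms the pair authenticates; it does not confirm that the account is limited to read access, which still has to be reviewed in the Cisco console.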
API Documentation
API v1
https://developer.cisco.com/docs/secure-endpoint/#!overview/overview