What is Cisco Secure Endpoint?
Cisco Secure Endpoint (formerly Cisco Advanced Malware Protection (AMP)) prevents, detects, and removes threats from computer systems. Threats can take the form of software viruses and other malware such as ransomware, worms, Trojans, spyware, adware, and fileless malware.
Why Should You Use the Cisco Secure Endpoint Connector?
The Cisco Secure Endpoint connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- derive relationships between assets, users, applications, and data
How Does This Connector Work?
Lucidum executes read-only requests to the Cisco Secure Endpoint REST API and ingests only metadata about Cisco Secure Endpoint devices. Lucidum does not retrieve any data stored on your assets.
Configuring the Connector in Lucidum
| Field | Description | Example |
|---|---|---|
| Profile Name | Name of this profile for the connector | production servers |
| URL | The URL for the Cisco Secure Endpoint API. | https://myserver.api.kandji.io |
| Client ID | The client ID for a Cisco Secure Endpoint user account that has read access to API data. For details on creating a client, see https://developer.cisco.com/docs/secure-endpoint/#!overview/overview | p7g444S3IZ5wmFvmzWmx14qACXdzQ25b |
| API Key | The API Key for a Cisco Secure Endpoint user account that has read access to API data. For details on creating an API key, see https://developer.cisco.com/docs/secure-endpoint/#!overview/overview | p7g444S3IZ5wmFvmzWmx14qACXdzQ25b |
Source Documentation
Creating Credentials
Create a console user with read-only access to the APIs. Then generate a Client ID and API Key for the user:
- Create a user account in Cisco XDR/Security Cloud. Assign the role “Read-Only” to the new account. For details, see https://securitydocs.cisco.com/docs/scc/admin/95975.dita
- Add the same user to Cisco Secure Endpoint. Click Allow Non-Admin Users. For details, see https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/Users.html#accounts_622083677_1620683
- Log in to the Cisco Secure Endpoint console with the new user credentials. Generate a Client ID and API Key with read-only access. For details, see https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/201121-Overview-of-the-Cisco-AMP-for-Endpoints.html#anc1
Required Permissions
The Cisco Secure Endpoint token must have read access to Device data and User data. For details on defining permissions, see:
API Documentation