About Cisco AMP

Cisco Advanced Malware Protection (AMP) for Endpoints is a malware and virus protection platform that you can use to protect your environment from intrusion, infected files, and malicious behavior. This Functions-based integration enriches SOAR data with the results returned from the Cisco AMP for Endpoints API and can also make updates to the Cisco AMP for Endpoints environment.

Enable Cisco AMP Integration with SIRP

Generate a Client ID and API Key

Generate an API key for third-party access to connect with SIRP:

  1. Log in to your Cisco AMP for Endpoints console, and navigate to Accounts > API Credentials

  2. Click the New API Credential button

  3. Provide a name for your third-party application (e.g. SIRP)

  4. Select the Read & Write option for the scope of the API key

  5. Click the Create button.

  6. You will then see the 3rd Party API Client ID and the API key. Copy these for later use in SIRP.

Enable and Configure Cisco AMP app in SIRP

  • First, log in to SIRP, then go to Apps from the left navigation bar.

  • Locate the app named Advanced Malware Protection (AMP).

  • Enable the AMP app by clicking the toggle button under the Status column.

  • Once you enable the app, click the configure option to integrate SIRP with Cisco AMP.

  • Add the following details and click Save:

    1. URL: <e.g. https://<Cisco AMP IP>>

    2. Username: <Client ID copied from Cisco AMP interface>

    3. Password: <API Key from Cisco AMP interface>
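
A pre-flight check for the three values above, as an added example that is not SIRP's or Cisco's own code: it assumes the Client ID and API key are sent as HTTP Basic credentials (as the Username and Password fields imply) and probes the /v1/version endpoint of the AMP for Endpoints v1 API. The function names and the AMP_URL, AMP_CLIENT_ID and AMP_API_KEY environment variables are hypothetical.

```python
import base64
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def normalize_base_url(url):
    """Accept only a bare https:// origin so the API key never travels in cleartext."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("URL must use https://")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("URL must name a host and carry no embedded credentials")
    if parts.path.strip("/") or parts.query or parts.fragment:
        raise ValueError("URL must not carry a path, query or fragment")
    return "https://" + parts.netloc


def basic_auth_header(client_id, api_key):
    """Assumption: Client ID is the Basic-auth username, API key the password."""
    if not client_id or not api_key or ":" in client_id:
        raise ValueError("Client ID and API key must be set; Client ID cannot contain ':'")
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return "Basic " + token


def check_credentials(url, client_id, api_key, timeout=10.0):
    """Return 'ok', 'rejected' (HTTP 401/403), 'http <code>' or 'unreachable'."""
    req = urllib.request.Request(
        normalize_base_url(url) + "/v1/version",
        headers={"Authorization": basic_auth_header(client_id, api_key),
                 "Accept": "application/json"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            json.load(resp)  # a JSON body means an API answered, not a proxy page
            return "ok"
    except urllib.error.HTTPError as exc:
        return "rejected" if exc.code in (401, 403) else f"http {exc.code}"
    except (OSError, ValueError):  # DNS, TLS, timeout, or a non-JSON reply
        return "unreachable"


if __name__ == "__main__":
    # Hypothetical variable names; keep the key out of shell history and argv.
    print(check_credentials(os.environ["AMP_URL"], os.environ["AMP_CLIENT_ID"],
                            os.environ["AMP_API_KEY"]))
```

A result of rejected points at a mistyped Client ID or API key; unreachable points at the URL, DNS or the TLS certificate.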
