About Cisco AMP
Cisco Advanced Malware Protection (AMP) for Endpoints is a malware and virus protection platform that you can use to protect your environment from intrusion, infected files, and malicious behavior. This Functions-based integration enriches SOAR data with results returned from the Cisco AMP for Endpoints API and can also make updates to the Cisco AMP for Endpoints environment.
Enable Cisco AMP Integration with SIRP
Generate a Client ID and API Key
Generate an API key for third-party access to connect with SIRP:
Log in to your Cisco AMP for Endpoints console, and navigate to Accounts > API Credentials
Click the New API Credential button
Provide a name for your third-party application (e.g. SIRP)
Select the Read & Write option for the scope of the API key. Read & Write is needed because the integration also makes updates to the AMP for Endpoints environment; if you only intend to use it for enrichment, a Read-only key is the least-privilege choice.
Click the Create button.
You will then see the 3rd Party API Client ID and the API key. Copy these for later use in SIRP.
Enable and Configure Cisco AMP app in SIRP
First, log in to SIRP, then go to Apps from the left navigation bar.
Locate the app named Advanced Malware Protection (AMP).
Enable the Advanced Malware Protection (AMP) app by clicking the toggle button under the Status column.
Once the app is enabled, click the Configure option to integrate SIRP with Cisco AMP for Endpoints.
Add the following details and click Save:
URL: <Cisco AMP for Endpoints API base URL> (e.g. https://<Cisco AMP host>)
Username: <Client ID copied from Cisco AMP interface>
Password: <API Key from Cisco AMP interface>
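Before saving the app configuration it is worth confirming that the Client ID and API key pair actually authenticates against the AMP for Endpoints API, since SIRP will use them exactly as HTTP Basic credentials (Client ID as the username, API key as the password). The script below is an added example, not part of SIRP or of Cisco's own tooling. It assumes the North America API host https://api.amp.cisco.com and the unprivileged GET /v1/version call, and uses a constructed sample response for the offline check; substitute your region's API host and your own credentials when running it for real.

```python
import base64
import json
import os
import sys
import urllib.request
from urllib.error import HTTPError, URLError

# Assumed API base URL (North America cloud); use your region's host if different.
AMP_API_URL = "https://api.amp.cisco.com"

# Constructed sample of what /v1/version returns, used for the offline self-check.
SAMPLE_VERSION_BODY = b'{"version": "v1.2.0", "metadata": {"links": {"self": "https://api.amp.cisco.com/v1/version"}}}'


def basic_auth_header(client_id: str, api_key: str) -> str:
    """Build the HTTP Basic credential: the 3rd Party API Client ID is the
    username and the API key is the password, matching SIRP's Username/Password fields."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode("ascii")).decode("ascii")
    return f"Basic {token}"


def build_version_request(base_url: str, client_id: str, api_key: str) -> urllib.request.Request:
    """GET /v1/version only exercises authentication, so it is safe to call with any scope."""
    req = urllib.request.Request(base_url.rstrip("/") + "/v1/version")
    req.add_header("Authorization", basic_auth_header(client_id, api_key))
    req.add_header("Accept", "application/json")
    return req


def parse_version_response(body: bytes) -> str:
    """Extract the API version string; a missing key means the response is not from the AMP API."""
    data = json.loads(body)
    return data["version"]


def check_credentials(client_id: str, api_key: str, base_url: str = AMP_API_URL,
                      opener=urllib.request.urlopen) -> tuple:
    """Return (True, api_version) on success or (False, reason) on failure.

    `opener` is injectable so the logic can be exercised without network access.
    A 401 means the Client ID / API key pair was rejected; a 403 means the key
    authenticated but lacks the scope for the call."""
    req = build_version_request(base_url, client_id, api_key)
    try:
        with opener(req, timeout=15) as resp:
            return True, parse_version_response(resp.read())
    except HTTPError as exc:
        if exc.code == 401:
            return False, "rejected: check that Username is the Client ID and Password is the API key"
        if exc.code == 403:
            return False, "authenticated but forbidden: API key scope is insufficient"
        return False, f"unexpected HTTP {exc.code}"
    except URLError as exc:
        return False, f"connection failed: {exc.reason}"
    except (ValueError, KeyError):
        return False, "response was not an AMP API version document"


if __name__ == "__main__":
    # Real run: credentials come from the environment rather than the command line
    # so they do not end up in shell history.
    cid, key = os.environ.get("AMP_CLIENT_ID"), os.environ.get("AMP_API_KEY")
    if not cid or not key:
        sys.exit("set AMP_CLIENT_ID and AMP_API_KEY first")
    ok, detail = check_credentials(cid, key, os.environ.get("AMP_API_URL", AMP_API_URL))
    print("OK, API version" if ok else "FAILED:", detail)
    sys.exit(0 if ok else 1)
```

If the check reports a 401, the values are swapped or mistyped; if it reports a 403, the credential works but the scope chosen at creation time does not cover the action, which is the symptom you will see in SIRP if a Read-only key is used for an update action.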