Cisco Advanced Malware Protection (AMP)
- 16 May 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Cisco Advanced Malware Protection (AMP)
- Updated on 16 May 2024
- 1 Minute to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
Cisco Advanced Malware Protection (AMP) includes threat intelligence, sandboxing, and malware blocking to detect, contain, and remove malware.
Note:
This adapter supports Cisco Secure Endpoint
Related Enforcement Actions:
Types of Assets Fetched
This adapter fetches the following types of assets:
- Devices
Parameters
- Domain (required, default: 'https://api.amp.cisco.com') - URL of the Cisco AMP domain.
- Client ID and API Key (required) - The credentials for a user account that has the Required Permissions to fetch assets.
- HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Domain.
- When supplied, Axonius uses the proxy when connecting to the value supplied in Domain.
- When not supplied, Axonius connects directly to the value supplied in Domain.
- To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.
Advanced Settings
Note:
Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to Advanced Configuration for Adapters
- Parallel Requests Count (required, default: 5) - Set the maximum number of threads that execute API calls in parallel when fetching vulnerabilities.
- Fetch vulnerabilities (required, default: False) - Select whether to fetch vulnerabilities on devices.
- When enabled, all connections for this adapter also fetch vulnerabilities.
- When disabled, all connections for this adapter do not fetch vulnerabilities.
- Fetch Device Groups (required, default: False) - Set to send an extra request to get all groups in order to parse the group name for each device.
Note:
To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.
Required Permissions
The value supplied in Client ID and API Key must have read access to devices.
To create an API key from the admin panel:
- Log into to the admin panel of Cisco AMP.
- Go to the Business Page from the Accounts dropdown menu.
- Click on the 'Edit' button.
- Under features, click on "Regenerate…" button beside "3rd Party API Access" to generate the client ID and secure API Key.
- Use these to connect to Cisco AMP with Axonius
Was this article helpful?