Cisco Advanced Malware Protection (AMP)
  • 24 Mar 2022

Cisco Advanced Malware Protection (AMP) includes threat intelligence, sandboxing, and malware blocking to detect, contain, and remove malware.

Note:

This adapter supports Cisco Secure Endpoint.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices

Parameters

  1. Domain (required, default: 'https://api.amp.cisco.com') - URL of the Cisco AMP domain.
  2. Client ID and API Key (required) - The credentials for a user account that has the Required Permissions to fetch assets.
  3. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Domain.
    • When supplied, Axonius uses the proxy when connecting to the value supplied in Domain.
    • When not supplied, Axonius connects directly to the value supplied in Domain.
  4. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

Note:

Advanced settings can apply to all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection. Refer to Advanced Configuration for Adapters.

  1. Parallel Requests Count (required, default: 5) - Set the maximum number of threads that execute API calls in parallel when fetching vulnerabilities.
  2. Fetch vulnerabilities (required, default: False) - Select whether to fetch vulnerabilities on devices.
    • When enabled, all connections for this adapter also fetch vulnerabilities.
    • When disabled, all connections for this adapter do not fetch vulnerabilities.
  3. Fetch Device Groups (required, default: False) - Set to send an extra request to get all groups in order to parse the group name for each device.


Note:

To learn more about Adapter Configuration tab advanced settings, see Adapter Advanced Settings.


Required Permissions

The value supplied in Client ID and API Key must have read access to devices.

To create an API key from the admin panel:

  1. Log in to the admin panel of Cisco AMP.
  2. Go to the Business Page from the Accounts dropdown menu.
  3. Click the 'Edit' button.
  4. Under features, click the "Regenerate…" button beside "3rd Party API Access" to generate the client ID and secure API Key.
  5. Use these to connect to Cisco AMP with Axonius.

