Cisco Advanced Malware Protection (AMP)

Cisco Advanced Malware Protection (AMP) includes threat intelligence, sandboxing, and malware blocking to detect, contain, and remove malware.

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
  
  

Parameters

1. Domain (required, default: 'https://api.amp.cisco.com') - URL of the Cisco AMP domain.
2. Client ID and API Key (required) - The credentials for a user account that has the Required Permissions to fetch assets.
3. HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the value supplied in Domain.
   • When supplied, Axonius uses the proxy when connecting to the value supplied in Domain.
   • When not supplied, Axonius connects directly to the value supplied in Domain.
4. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

1. Parallel Requests Count (required, default: 5) - Set the maximum number of threads that execute API calls in parallel when fetching vulnerabilities.
2. Fetch vulnerabilities (required, default: False) - Select whether to fetch vulnerabilities on devices.
   • When enabled, all connections for this adapter also fetch vulnerabilities.
   • When disabled, all connections for this adapter do not fetch vulnerabilities.
3. Fetch Device Groups (required, default: False) - Set to send an extra request to get all groups in order to parse the group name for each device.

Required Permissions

The value supplied in Client ID and API Key must have read access to devices.

To create an API key from the admin panel:

1. Log into to the admin panel of Cisco AMP.
2. Go to the Business Page from the Accounts dropdown menu.
3. Click on the 'Edit' button.
4. Under features, click on "Regenerate…" button beside "3rd Party API Access" to generate the client ID and secure API Key.
5. Use these to connect to Cisco AMP with Axonius