Cisco Secure Endpoint
- Updated on 20 Mar 2025
Cisco Secure Endpoint is a cloud-delivered endpoint protection solution that helps businesses defend against advanced threats to their servers, desktops, and mobile devices. For detailed information refer to the Cisco Secure Endpoint’s official documentation.
Integration Method: API
Tables: Detection Finding (2004)
This integration supports the following event.
Event | Description |
---|---|
Detection Events | Get the list of Detection Events |
This integration supports the following version.
Note:
Cisco Secure Endpoint doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. As of this document's preparation, the latest release for Windows 11 support was on 30-May-2024.
Prerequisites
The user should have access to the Cisco Secure Endpoint portal.
The user should have a Cisco Secure Endpoint API Client ID and API Key.
The user should have access to the DataBee console.
Configuration Overview
Get the API Client ID and API Key from the Cisco Secure Endpoint portal.
Add the Cisco Secure Endpoint data feed in the DataBee console with the parameters below.
DataBee Parameter | Cisco Secure Endpoint Parameter |
---|---|
Username | API Client ID |
Password | API Key |
Cisco Secure Endpoint Configuration
Log in to your AMP for Endpoints Console.
On the Cisco Secure Endpoint dashboard, navigate to the Administration section and click API Credentials.
Click New API Credential to create a new API credential.
The “New API Credential” window appears. To create a new API Credential:
Enter the ‘Application name’.
Select the Read-only ‘Scope’.
Click Create.
Copy the API Client ID and API Key. These will be used as the username and password when we create a data source in DataBee.
Note:
The API credentials are visible only once, so copy them and store them securely.
DataBee Configuration
Log in to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.
Search for Cisco Secure Endpoint and click it.
Click on the API Ingest option for collection method.
Enter feed contact information and click Next.
In the configuration page, confirm the following:
Authorization Method: Basic
API Base URL: this is the base URL that DataBee will interact with.
Replace <server_id> with the ID of your configured server.
The available server IDs are shown below. Replace as per your server configuration.
North America: https://api.amp.cisco.com
Europe: https://api.eu.amp.cisco.com
Asia Pacific, Japan and China: https://api.apjc.amp.cisco.com
Consumer: https://api.consumer.amp.cisco.com
Username: paste the API Client ID.
Password: paste the API Key.
Event Types: preselected for all the event types that integration pulls.
Click Submit.
Troubleshooting Tips
If you receive an unauthorized (401) error, this is possibly due to incorrect API credentials. Please refer to the API Credentials section to retrieve the API details.
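To separate a credential problem from a feed problem, the Basic authorization the feed uses can be reproduced outside DataBee. The following is an added example, not DataBee or Cisco code; the `/v1/version` path and the `CSE_*` environment variable names are assumptions, and the base URLs are the ones listed above.

```python
import base64
import os
import sys
import urllib.error
import urllib.request

# Regional base URLs as listed on this page.
BASE_URLS = {
    "na": "https://api.amp.cisco.com",
    "eu": "https://api.eu.amp.cisco.com",
    "apjc": "https://api.apjc.amp.cisco.com",
    "consumer": "https://api.consumer.amp.cisco.com",
}
# Assumption: a read-only v1 endpoint; confirm the path in Cisco's API documentation.
CHECK_PATH = "/v1/version"

def build_request(region, client_id, api_key):
    """Build the GET request carrying the same Basic credentials as the data feed."""
    if region not in BASE_URLS:
        raise ValueError(f"unknown region {region!r}; expected one of {sorted(BASE_URLS)}")
    # Strip whitespace picked up when the one-time credential was copied.
    pair = f"{client_id.strip()}:{api_key.strip()}".encode()
    req = urllib.request.Request(BASE_URLS[region] + CHECK_PATH)
    req.add_header("Authorization", "Basic " + base64.b64encode(pair).decode())
    req.add_header("Accept", "application/json")
    return req

def explain_status(status):
    """Map the HTTP status to the outcome described under Troubleshooting Tips."""
    if status == 200:
        return "ok"
    if status == 401:
        return "credentials-rejected"  # re-check API Client ID and API Key
    return "unexpected"

def check(region, client_id, api_key, timeout=10):
    """Send the request and classify the response; HTTP errors are classified too."""
    try:
        with urllib.request.urlopen(build_request(region, client_id, api_key), timeout=timeout) as resp:
            return explain_status(resp.status)
    except urllib.error.HTTPError as err:
        return explain_status(err.code)

if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the key out of source.
    result = check(os.environ.get("CSE_REGION", "na"),
                   os.environ["CSE_CLIENT_ID"], os.environ["CSE_API_KEY"])
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

A `credentials-rejected` result here means the same Client ID and API Key will also fail in the DataBee feed.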