Cisco Secure Endpoint
  • 20 Mar 2025

Cisco Secure Endpoint is a cloud-delivered endpoint protection solution that helps businesses defend against advanced threats to their servers, desktops, and mobile devices. For detailed information, refer to the official Cisco Secure Endpoint documentation.

Integration Method: API

Tables: Detection Finding (2004)

This integration supports the following event.

Event               Description

Detection Events    Get the list of Detection Events

This integration supports the following version.

Note:

Cisco Secure Endpoint doesn’t follow a traditional versioning system. Instead, it is a continuously updated cloud service. At the time this document was prepared, the latest release for Windows 11 support was on 30-May-2024.

Prerequisites

  • The user should have access to the Cisco Secure Endpoint portal.

  • The user should have a Cisco Secure Endpoint API Client ID and API Key.

  • The user should have access to the DataBee console.

Configuration Overview

  1. Get the API Client ID and API Key from Cisco Secure Endpoint portal.

  2. Add the Cisco Secure Endpoint data feed in the DataBee console with the below parameters.

    DataBee Parameter    Cisco Secure Endpoint Parameter

    Username             API Client ID

    Password             API Key

Cisco Secure Endpoint Configuration

  1. Log in to your AMP for Endpoints Console.

  2. On the Cisco Secure Endpoint dashboard, navigate to the Administration section and click API Credentials.

  3. Click New API Credential to create a new API credential.

  4. The “New API Credential” window appears. To create a new API Credential:

    1. Enter the ‘Application name’.

    2. Select the Read-only ‘Scope’.

    3. Click Create.

  5. Copy the API Client ID and API Key. These will be used as the username and password when creating a data source in DataBee.

    Note:

    The API credentials are visible only once, so copy them and store them securely.

DataBee Configuration

  1. Log in to the DataBee UI, navigate to Data > Data Feeds and click the Add New Data Feed button.

  2. Search for Cisco Secure Endpoint and click it.

  3. Click the API Ingest option for the collection method.

  4. Enter feed contact information and click Next.

  5. In the configuration page, confirm the following:

    • Authorization Method: Basic

    • API Base URL: this is the base URL that DataBee will interact with.

      • Replace <server_id> with the ID of your configured server.

      • The available server IDs are listed below. Use the one that matches your server configuration.

        • North America: https://api.amp.cisco.com

        • Europe: https://api.eu.amp.cisco.com

        • Asia Pacific, Japan and China: https://api.apjc.amp.cisco.com

        • Consumer: https://api.consumer.amp.cisco.com

    • Username: paste the API Client ID.

    • Password: paste the API Key.

    • Event Types: preselected for all the event types that integration pulls.

  6. Click Submit.

Troubleshooting Tips

  • If you receive an unauthorized (401) error, the API credentials may be incorrect. Refer to the API Credentials to retrieve the API details.
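
A pre-flight check for the values entered in step 5 of the DataBee configuration and for the 401 tip above, as an added example (not DataBee or Cisco code): it refuses to send the API Key anywhere except the four listed hosts over HTTPS and builds the Basic authorization header from the API Client ID and API Key. The /v1/version path and all function names are assumptions, not taken from this page.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Regional API hosts listed in the configuration step above.
REGION_HOSTS = {
    "api.amp.cisco.com": "North America",
    "api.eu.amp.cisco.com": "Europe",
    "api.apjc.amp.cisco.com": "Asia Pacific, Japan and China",
    "api.consumer.amp.cisco.com": "Consumer",
}

def check_base_url(base_url):
    """Return (host, region); raise if the key would go to an unlisted or non-HTTPS host."""
    parts = urlsplit(base_url.strip())
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        raise ValueError("API Base URL must use https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("unexpected userinfo or port in API Base URL")
    if host not in REGION_HOSTS:
        raise ValueError(f"{host!r} is not one of the listed regional API hosts")
    return host, REGION_HOSTS[host]

def build_request(base_url, client_id, api_key, path="/v1/version"):
    """Build (do not send) the Basic-auth GET. `path` is an assumption, not from the page."""
    host, _ = check_base_url(base_url)
    client_id, api_key = client_id.strip(), api_key.strip()  # pasted values often carry whitespace
    if not client_id or not api_key:
        raise ValueError("API Client ID and API Key are both required")
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(f"https://{host}{path}", method="GET")
    req.add_header("Authorization", "Basic " + token)
    return req

def explain_status(status):
    """Map an HTTP status to the next troubleshooting step from this page."""
    hints = {200: "ok", 401: "unauthorized: re-check the API Client ID and API Key"}
    return hints.get(status, f"unexpected status {status}")

def verify(base_url, client_id, api_key):
    """Send the request; needs network access and real credentials."""
    try:
        with urllib.request.urlopen(build_request(base_url, client_id, api_key), timeout=10) as r:
            return explain_status(r.status)
    except urllib.error.HTTPError as e:
        return explain_status(e.code)
```

Call verify() with the base URL, API Client ID and API Key before submitting the feed; read the key from a secrets store or prompt rather than hard-coding it.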

