Cisco AMP¶
Cyderes supports ingesting Cisco Advanced Malware Protection (AMP) event data using the API documented here.
Chronicle Data Types¶
- CISCO_AMP
Caveats / Known Limitations¶
- API clients are allowed a limited number of requests per hour.
- Each API response includes HTTP headers describing the current state of the client's rate limit.
- If the limit is exceeded, the API returns an HTTP 429 error.
| HTTP header | Description |
|---|---|
| X-Rate-Limit-Limit | Total requests allowed during the current period |
| X-Rate-Limit-Remaining | Requests remaining during the current period |
| X-Rate-Limit-Reset | Seconds remaining in the current period |
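As an added illustration (not Cyderes or Cisco code), a collector-side backoff that reads the headers above and pauses when the hourly budget is exhausted; the `send` callable and the sample responses are constructed, and `send` stands in for whatever HTTP call the collector makes to the AMP API.

```python
import time
from typing import Callable, Mapping, Optional, Tuple

# Constructed example, not Cyderes or Cisco code: decide how long an AMP
# event collector should pause based on the X-Rate-Limit-* headers.

def backoff_seconds(status: int, headers: Mapping[str, str]) -> float:
    """Seconds to wait before the next request; 0.0 if none is needed.

    A 429 means the hourly budget is exhausted: wait out the period given
    by X-Rate-Limit-Reset. A successful response with no remaining requests
    means the next call would be rejected, so pause proactively instead.
    """
    # HTTP header names are case-insensitive; normalise before lookup.
    h = {k.lower(): v for k, v in headers.items()}
    reset = float(h.get("x-rate-limit-reset", 0) or 0)
    remaining = int(h.get("x-rate-limit-remaining", 1) or 0)
    if status == 429:
        return max(reset, 1.0)  # never busy-loop on a 429 without a Reset header
    if status < 400 and remaining <= 0:
        return reset
    return 0.0

def fetch_with_rate_limit(
    send: Callable[[], Tuple[int, Mapping[str, str], bytes]],
    max_attempts: int = 5,
    sleep: Callable[[float], None] = time.sleep,
) -> Optional[bytes]:
    """Call send() until a non-429 answer arrives, honouring the headers.

    `send` (hypothetical) is any zero-argument callable returning
    (status, headers, body). Returns the body, or None if the budget
    never recovered within max_attempts.
    """
    for _ in range(max_attempts):
        status, headers, body = send()
        wait = backoff_seconds(status, headers)
        if status == 429:
            sleep(wait)
            continue
        if wait:
            sleep(wait)  # this call used the last allowed request; pause before the next
        return body
    return None

if __name__ == "__main__":
    # Constructed responses: one 429, then a 200 with budget left.
    scripted = iter([(429, {"X-Rate-Limit-Reset": "2"}, b""),
                     (200, {"X-Rate-Limit-Remaining": "41"}, b'{"data": []}')])
    print(fetch_with_rate_limit(lambda: next(scripted), sleep=lambda s: None))
```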
Configuration¶
- Log in to the AMP for Endpoints Console.
- Go to Accounts > API Credentials.
- Click New API Credential to generate an API Key and Client ID.
Gather Information¶
Please send the following to Cyderes once setup has been completed:
- API Key
- Client ID