
Cisco AMP

Cyderes supports ingestion of Cisco Advanced Malware Protection (AMP) event data using the API documented here.

Chronicle Data Types

  • CISCO_AMP

Caveats / Known Limitations

  • API clients are allowed a limited number of requests every hour.
  • Each API response includes HTTP headers detailing the status of the client's rate limit.
  • If the limit is exceeded, an HTTP 429 response is returned.

  HTTP header              Description
  X-Rate-Limit-Limit       total allowed requests during the current period
  X-Rate-Limit-Remaining   number of remaining requests during the current period
  X-Rate-Limit-Reset       number of seconds remaining in the current period
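A collector that polls the AMP API has to honour these headers, or it will spend its hourly budget, hit HTTP 429 and lose events. The helper below is an added example, not Cyderes or Cisco code: it parses the three X-Rate-Limit-* headers named above, decides how long to wait before the next call, and retries a 429 after the window resets. The fetch_events_page function, its endpoint URL (https://api.amp.cisco.com/v1/events) and the use of HTTP Basic auth with the Client ID and API Key are assumptions for illustration; the sample headers in the test are constructed.

```python
"""Rate-limit-aware polling for the Cisco AMP event API (added example, not vendor code)."""
import base64
import json
import time
import urllib.request
from dataclasses import dataclass
from typing import Callable, Mapping, Optional, Tuple

# Header names as documented on this page.
H_LIMIT = "X-Rate-Limit-Limit"
H_REMAINING = "X-Rate-Limit-Remaining"
H_RESET = "X-Rate-Limit-Reset"


@dataclass
class RateLimit:
    limit: int            # total allowed requests in the current period
    remaining: int        # requests left in the current period
    reset_seconds: int    # seconds until the period resets


def parse_rate_limit(headers: Mapping[str, str]) -> Optional[RateLimit]:
    """Extract the X-Rate-Limit-* headers (case-insensitive); None if absent or malformed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        return RateLimit(
            limit=int(lowered[H_LIMIT.lower()]),
            remaining=int(lowered[H_REMAINING.lower()]),
            reset_seconds=int(lowered[H_RESET.lower()]),
        )
    except (KeyError, ValueError):
        return None


def seconds_to_wait(status: int, headers: Mapping[str, str], reserve: int = 5) -> int:
    """How long to sleep before the next call.

    429           -> the hourly budget is spent; wait for the window to reset.
    low remaining -> keep `reserve` requests in hand and wait rather than hit 429.
    otherwise     -> no wait.
    """
    rl = parse_rate_limit(headers)
    if status == 429:
        # A 429 without headers should not happen per the docs; 60 s is an assumed fallback.
        return rl.reset_seconds if rl else 60
    if rl is not None and rl.remaining <= reserve:
        return rl.reset_seconds
    return 0


FetchFn = Callable[[], Tuple[int, Mapping[str, str], object]]


def poll_events(fetch: FetchFn, pages: int, sleep=time.sleep, reserve: int = 5):
    """Call `fetch()` until `pages` successful responses are collected.

    `fetch` returns (status, headers, body). A 429 is retried after waiting for the
    reset; a successful page that leaves few requests also triggers a wait.
    """
    collected = []
    remaining_pages = pages
    while remaining_pages > 0:
        status, headers, body = fetch()
        wait = seconds_to_wait(status, headers, reserve)
        if status == 429:
            sleep(wait)          # retry the same page once the window resets
            continue
        collected.append(body)
        remaining_pages -= 1
        if wait and remaining_pages > 0:
            sleep(wait)
    return collected


def fetch_events_page(client_id: str, api_key: str,
                      url: str = "https://api.amp.cisco.com/v1/events"):
    """One real request (assumed endpoint and Basic-auth scheme; not exercised offline).

    Returns (status, headers, body) in the shape poll_events expects.
    """
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}",
                                               "Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), json.load(resp)
    except urllib.error.HTTPError as err:          # 429 arrives here, headers intact
        return err.code, dict(err.headers), None
```

In production the sleep would be real and fetch_events_page would be passed as `fetch`; the test substitutes a scripted fetch and records the sleeps to check the decisions without network access.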

Configuration

  • Log in to the AMP for Endpoints Console
  • Go to Accounts > API Credentials
  • Click New API Credential to generate an API Key and Client ID

Gather Information

Please send the following to Cyderes once setup has been completed:

  • API Key
  • Client ID