
Cisco AMP

Cyderes supports ingestion of Cisco Advanced Malware Protection (AMP) event data using the API documented here.

Chronicle Data Types

  • CISCO_AMP

Caveats / Known Limitations

  • API clients are allowed a limited number of requests per hour.
  • Each API response includes HTTP headers describing the current state of the client's rate limit.
  • If the limit is exceeded, the API returns an HTTP 429 (Too Many Requests) response until the period resets.

HTTP header             Description
X-Rate-Limit-Limit      Total requests allowed during the current period
X-Rate-Limit-Remaining  Requests remaining during the current period
X-Rate-Limit-Reset      Seconds remaining in the current period
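The following is an added example, not Cyderes or Cisco code, showing how a collector should read the three X-Rate-Limit-* headers above and back off on a 429 instead of hammering the API. It assumes the AMP API accepts HTTP Basic authentication with the Client ID as the username and the API Key as the password, and it uses https://api.amp.cisco.com/v1/events as an assumed endpoint; the transport is injectable so the logic can be exercised offline with a fake response sequence.

```python
"""Rate-limit-aware polling of the Cisco AMP events API (added example)."""
import base64
import time
from typing import Callable, Dict, Optional, Tuple

# A transport performs one GET and returns (status_code, headers, body).
# Real use wraps urllib (see urllib_transport below); tests inject a fake.
Transport = Callable[[str, Dict[str, str]], Tuple[int, Dict[str, str], bytes]]

# Assumption: events endpoint of the AMP for Endpoints API (not stated on this page).
EVENTS_URL = "https://api.amp.cisco.com/v1/events"

RATE_HEADERS = ("X-Rate-Limit-Limit", "X-Rate-Limit-Remaining", "X-Rate-Limit-Reset")


def basic_auth_header(client_id: str, api_key: str) -> str:
    """Assumption: Client ID is the Basic-auth username, API Key the password."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return f"Basic {token}"


def parse_rate_limit(headers: Dict[str, str]) -> Dict[str, Optional[int]]:
    """Extract the three X-Rate-Limit-* headers as integers.

    Header names are matched case-insensitively (HTTP headers are not
    case-sensitive); a missing or non-numeric header yields None.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    parsed: Dict[str, Optional[int]] = {}
    for name in RATE_HEADERS:
        raw = lowered.get(name.lower())
        parsed[name] = int(raw) if raw is not None and raw.strip().isdigit() else None
    return parsed


def fetch_with_rate_limit(
    transport: Transport,
    url: str,
    auth_header: str,
    max_retries: int = 3,
    sleep: Callable[[float], None] = time.sleep,
    max_wait: int = 3600,
) -> Tuple[int, bytes, Dict[str, Optional[int]]]:
    """GET `url`, honouring the hourly limit.

    On HTTP 429 the client waits X-Rate-Limit-Reset seconds (capped at
    max_wait, default 60 s if the header is absent) and retries, up to
    max_retries times.  Returns (status, body, parsed rate-limit headers)
    so the caller can log how much quota is left after each poll.
    """
    req_headers = {"Authorization": auth_header, "Accept": "application/json"}
    attempt = 0
    while True:
        status, resp_headers, body = transport(url, req_headers)
        limits = parse_rate_limit(resp_headers)
        if status != 429 or attempt >= max_retries:
            return status, body, limits
        # Rate limited: the Reset header tells us exactly how long to wait.
        wait = limits["X-Rate-Limit-Reset"] or 60
        sleep(min(wait, max_wait))
        attempt += 1


def urllib_transport(url: str, headers: Dict[str, str]) -> Tuple[int, Dict[str, str], bytes]:
    """Standard-library transport; 4xx/5xx are returned, not raised."""
    import urllib.error
    import urllib.request

    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, dict(resp.headers), resp.read()
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read()


if __name__ == "__main__":
    import os

    # Credentials come from the environment, never from source control.
    auth = basic_auth_header(os.environ["AMP_CLIENT_ID"], os.environ["AMP_API_KEY"])
    status, body, limits = fetch_with_rate_limit(urllib_transport, EVENTS_URL, auth)
    print(status, limits, len(body), "bytes")
```

Keep an eye on X-Rate-Limit-Remaining in the returned limits: a poller whose remaining count approaches zero well before X-Rate-Limit-Reset elapses is polling too often for its quota and should lengthen its interval rather than rely on the 429 retry path.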

Configuration

  • Log in to the AMP for Endpoints Console
  • Go to Accounts > API Credentials
  • Click New API Credential and give the credential a descriptive name; choose the Read-only scope, since event ingestion requires no write access
  • Click Create to generate the Client ID and API Key, and copy the API Key immediately: the console displays it only once, and a lost key must be replaced by creating a new credential

Gather Information

Please send the following to Cyderes once setup has been completed:

  • API Key
  • Client ID
  • The credential's expiration date, if one was set