Cisco AMP¶
Cyderes supports ingestion of Cisco Advanced Malware Protection (AMP) event data using the API documented here.
Chronicle Data Types¶
- CISCO_AMP
Caveats / Known Limitations¶
- API clients are allowed a limited number of requests every hour.
- Each API response will include HTTP headers detailing the status of their rate limit.
- If the limit is overrun, then an HTTP 429 Error will be returned.
| HTTP header | Description |
|---|---|
| X-Rate-Limit-Limit | total allowed requests during the current period |
| X-Rate-Limit-Remaining | number of remaining requests during the current period |
| X-Rate-Limit-Reset | number of seconds remaining in the current period |
Configuration¶
- Log in to the AMP for Endpoints Console
- Go to Accounts > API Credentials
- Click
New API Credentialto generate an API Key and Client ID
Gather Information¶
Please include the credential's expiration date if available
Please send the following to Cyderes once setup has been completed:
- API Key
- Client ID