Cisco AMP for Endpoints Cloud Connector
Cisco Advanced Malware Protection (AMP) is a malware analysis and protection solution that provides cloud-based antivirus and endpoint detection and response. Using cloud-based analytics, Cisco AMP monitors each file in the network and offers visibility and control over sophisticated, targeted, and continual malware threats. For more information, see the Cisco AMP for Endpoints documentation.
Prerequisites to Configure the Cisco AMP for Endpoints Connector
Before you configure the Cisco AMP for Endpoints connector, you must complete the following prerequisites:
- Obtain the API client ID
- Obtain an API key
Obtaining the API Client ID and API Key
Cisco AMP APIs are authenticated via application keys. You must obtain the API key and client ID to use while configuring the Cisco AMP for Endpoints connector.
To obtain an application key and client ID:
1. Log in to the Cisco AMP console by accessing https://console.amp.cisco.com as an administrator.
2. Navigate to Accounts > API Credentials.
3. Click New API Credential to create a new API key and client ID.
4. In the Application Name box, specify a name for the application.
5. In the Scope area, select the permission Read-only.
6. Click Create.

The API Key Details section displays the third-party API client ID and the API key.
The API credentials help other programs retrieve and modify the Cisco AMP for Endpoints data. The API credentials appear only once. If you lose the API credentials, you must create new API credentials. Note the values for the third-party API client ID and API key represented by letters and numbers. Use the API key and client ID while configuring the Cisco AMP Connector on the Exabeam Cloud Connector platform.
Configure the Cisco AMP for Endpoints Connector
The following table displays audit source API and security events supported by the connector.
| Audit Source: API | Service or Module Covered | Events Included |
|---|---|---|
| Events | Any | All |
To configure the Cisco AMP connector to import data into the Exabeam Cloud Connector platform:
1. Complete the Prerequisites to Configure the Cisco AMP for Endpoints Connector.
2. Log in to the Exabeam Cloud Connectors platform with your registered credentials.
3. Navigate to Settings > Accounts > Add Account.
4. Click Select Service to Add, then select Cisco AMP from the list.
5. In the Accounts section, enter the required information.
   - Account Name – Specify a name for the Cisco AMP connector. For example, Corporate AMP for Endpoints.
   - (optional) Description – Describe the Cisco AMP connector. For example, Cisco Advanced Malware Protection for endpoint protection, detection, and response.
   - Client ID – Enter the client ID that you obtained while completing prerequisites.
   - Client Key – Enter the API key that you obtained while completing prerequisites.
   - Region – Select the region EU or US based on the AMP server that you use. If you use https://console.amp.cisco.com, select US. If you use https://console.eu.amp.cisco.com, select EU.

   Note: Required fields are indicated with a red bar.
6. To confirm that the Exabeam Cloud Connector platform communicates with the service, click Test Connection.
7. Click Done to save your changes. The cloud connector is now set up on the Exabeam Cloud Connector platform.
8. To ensure that the connector is ready to send and collect data, Start the connector and check that the status shows OK.
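The client ID, API key and Region values entered above can be checked independently of the connector. The following Python code is an added example, not part of the Exabeam or Cisco documentation: it maps the console URL to the Region choice and builds a read-only request that exercises the key pair. The API hosts, the `/v1/version` path and the use of HTTP Basic authentication are assumptions based on Cisco's public AMP for Endpoints API v1, and all function names are hypothetical.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Console hosts come from the Region step above. The API hosts are an
# assumption of this example (Cisco's public v1 API hosts for those regions).
REGIONS = {
    "console.amp.cisco.com": ("US", "api.amp.cisco.com"),
    "console.eu.amp.cisco.com": ("EU", "api.eu.amp.cisco.com"),
}


def region_for_console(console_url):
    """Return (region, api_host) for the console URL the administrator uses."""
    host = (urlsplit(console_url.strip()).hostname or "").lower()
    if host not in REGIONS:
        raise ValueError(f"unrecognised AMP console URL: {console_url!r}")
    return REGIONS[host]


def build_version_request(console_url, client_id, api_key):
    """Build, without sending, a read-only GET that exercises the key pair."""
    if not client_id.strip() or not api_key.strip():
        raise ValueError("client ID and API key are both required")
    _, api_host = region_for_console(console_url)
    # HTTP Basic: client ID is the user name, API key is the password.
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(f"https://{api_host}/v1/version", method="GET")
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", "application/json")
    return req


def check_credentials(console_url, client_id, api_key,
                      opener=urllib.request.urlopen):
    """Send the request and reduce the outcome to a short verdict string."""
    req = build_version_request(console_url, client_id, api_key)
    try:
        with opener(req, timeout=10) as resp:
            return "ok" if resp.status == 200 else f"unexpected HTTP {resp.status}"
    except urllib.error.HTTPError as exc:
        if exc.code == 401:
            return "rejected: check client ID, API key and region"
        return f"HTTP {exc.code}"
    except urllib.error.URLError as exc:
        return f"unreachable: {exc.reason}"
```

Supply the API key from a secret store or an environment variable rather than a literal in a script, since the console displays it only once.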