Skip to main content

Cloud-delivered Incident ResponderIncident Responder Documentation

Configure the Cisco AMP for Endpoints Service

Configure Cisco AMP for Endpoints as a service to get device details, search endpoints, and run other Cisco AMP for Endpoints actions.

  • Generate a Cisco AMP for Endpoints API client ID and API key.

  • If you use a proxy, ensure that you whitelist https://api.amp.cisco.com/v1/version

  1. In the sidebar, click SETTINGSA grey gear icon, then select Core.

  2. Under SERVICE INTEGRATIONS, select Services.

  3. Select a service:

    • To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.

    • To manually provide the relevant information for a service, click Configure a new serviceA dark blue plus sign..

    • To view all actions for a service, hover over a service, then click the information icon An icon of a grey i inside a grey circle..

  4. Enter information about the service:

    • Service Name – Enter a unique name for the service. By default, the service name is CiscoAMP.

    • (Optional) Description – Describe the service.

    • (Optional) Owner – Enter the email address of the person or group responsible for the service. 

    • Client ID – Enter the Cisco AMP for Endpoints API client ID you previously generated.

    • API Key – Enter the Cisco AMP for Endpoints API key you previously generated.

  5. To validate the source, select TEST CONNECTIVITY.

  6. Select CREATE SERVICE.