Cisco Secure Endpoint

Samurai [Local] CollectorSamurai [Cloud] Collector
Picture1.svg

To complete this Integration you will need to:

1) Within the Cisco Secure Endpoint web interface

2) From Cisco Secure Malware Analytics

3) From the Samurai MDR portal:

Determine API Endpoint

The URL for API access Secure Endpoint depends on the region the instance is located, at the time of writing the following are available:

  • api.amp.cisco.com
  • api.apjc.amp.cisco.com
  • api.consumer.amp.cisco.com
  • api.eu.amp.cisco.com

The URL for API access to Secure Malware Analytics depends on the region the instance is located, at the time of writing the following are available:

Generate API Credentials

Use the steps below to generate API credentials to allow a Samurai cloud collector to gather telemetry from Secure Endpoint:

  1. Log in to your Cisco Secure Endpoint Instance.

  2. Click Accounts > API Credentials

  3. Click + New API Credential

  4. Add a new API key with the following information:

    • In the Application name field, enter an appropriate name

    • From the Scope list, ensure Read & Write is selected

    • Click Create

  5. The API credentials are displayed

  6. Make a note of the 3rd Party API Client ID and API Key values

Generate Secure Malware Analytics API Credentials

Use these steps to generate API credentials to allow Samurai to gather telemetry from Secure Malware Analytics:

  1. Log in to your Cisco Secure Malware Analytics Instance.

  2. In the top-right click on your account name,then My Account

  3. If no API key has been generated previously, click Generate API Key

  4. Make a note of the API Key

Complete the Cisco Secure Endpoint Integration

You will need:

  1. Login to the Samurai MDR portal

  2. Click Telemetry and select Integrations

  3. Select Create

  4. Locate and click Cisco Secure Endpoint

  5. Click Next (we leverage a Samurai Cloud Collector)

  6. Enter a Name of Integration

  7. Enter a Description (Optional)

  8. Enter your Devicename 

  9. Enter your API Endpoint

  10. Enter your API Client ID

  11. Enter your API Key

  12. Enter your Secure Malware Analytics Endpoint

  13. Enter your Secure Malware Analytics API Key

  14. Click Finish

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.