Cisco Secure Endpoint

Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.

Product | Samurai [Local] Collector | Samurai [Cloud] Collector
Cisco Secure Endpoint | | ✓

Cisco Secure Endpoint logs and data are collected via REST API.

To complete this Integration you will need to:

1) Within the Cisco Secure Endpoint web interface

2) From Cisco Secure Malware Analytics

3) From the Samurai application:


Determine API Endpoint

The URL for API access to Secure Endpoint depends on the region in which the instance is located. At the time of writing, the following are available:

  • api.amp.cisco.com
  • api.apjc.amp.cisco.com
  • api.consumer.amp.cisco.com
  • api.eu.amp.cisco.com

The URL for API access to Secure Malware Analytics depends on the region in which the instance is located. At the time of writing, the following are available:

Take note of the appropriate URLs, as they will be required when completing the Integration within the Samurai MDR application.

Generate API Credentials

Use the steps below to generate API credentials to allow a Samurai cloud collector to gather telemetry from Secure Endpoint:

You can also refer to Cisco documentation for further information at Generate and Delete API Credentials.

  1. Log in to your Cisco Secure Endpoint Instance.

  2. Click Accounts > API Credentials

  3. Click + New API Credential

  4. Add a new API key with the following information:

    • In the Application name field, enter an appropriate name

    • From the Scope list, ensure Read & Write is selected

    • Click Create

  5. The API credentials are displayed

  6. Make a note of the 3rd Party API Client ID and API Key values

The Read & Write scope is required to create the stream for collecting events.

You will need the API Client ID and API Key when completing the integration within the Samurai application.
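A pre-flight check for the API host and credentials noted above, as an added example that is not part of the original guide or Samurai's own tooling. It assumes Cisco's Secure Endpoint API v1 conventions (HTTP Basic authentication with the API Client ID as username and the API Key as password, and the GET /v1/version resource); the environment variable names AMP_CLIENT_ID and AMP_API_KEY are hypothetical.

```python
import base64
import json
import os
import sys
import urllib.request

# Regional Secure Endpoint API hosts listed in this guide.
SECURE_ENDPOINT_HOSTS = {
    "api.amp.cisco.com",
    "api.apjc.amp.cisco.com",
    "api.consumer.amp.cisco.com",
    "api.eu.amp.cisco.com",
}


def normalize_host(value):
    """Return the bare host, or raise if it is not one of the listed hosts.

    Exact matching keeps the API key from being sent to a mistyped or
    look-alike host, and rejects plain http:// URLs.
    """
    host = value.strip().lower()
    if host.startswith("https://"):
        host = host[len("https://"):]
    host = host.rstrip("/")
    if host not in SECURE_ENDPOINT_HOSTS:
        raise ValueError(f"{value!r} is not a listed Secure Endpoint API host")
    return host


def build_version_request(host, client_id, api_key):
    """Build GET /v1/version with HTTP Basic auth (assumed v1 API convention)."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(f"https://{normalize_host(host)}/v1/version")
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("Accept", "application/json")
    return req


def check_credentials(host, client_id, api_key, timeout=10):
    """Return the API version string; bad credentials raise HTTPError (401)."""
    req = build_version_request(host, client_id, api_key)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp).get("version")


if __name__ == "__main__":
    # Credentials come from the environment (hypothetical variable names)
    # so they do not end up in shell history.
    print(check_credentials(sys.argv[1], os.environ["AMP_CLIENT_ID"], os.environ["AMP_API_KEY"]))
```

This check only confirms that the host and credential pair are accepted; it does not confirm the Read & Write scope.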

Generate Secure Malware Analytics API Credentials

Use these steps to generate API credentials to allow Samurai to gather telemetry from Secure Malware Analytics:

  1. Log in to your Cisco Secure Malware Analytics Instance.

  2. In the top-right, click your account name, then My Account

  3. If no API key has been generated previously, click Generate API Key

  4. Make a note of the API Key

You will need the API Key when completing the integration within the Samurai application.

Complete the Cisco Secure Endpoint Integration

You will need:

  1. Log in to the Samurai MDR web application

  2. Select Integrations

  3. Select Create

  4. Locate and click Cisco Secure Endpoint

  5. Click Next (we leverage a Samurai Cloud Collector)

  6. Enter a Name of Integration

  7. Enter a Description (Optional)

  8. Enter your Devicename 

  9. Enter your API Endpoint

  10. Enter your API Client ID

  11. Enter your API Key

  12. Enter your Secure Malware Analytics Endpoint

  13. Enter your Secure Malware Analytics API Key

  14. Click Finish

For general information on Integrations refer to the Integrations article.