Samurai [Local] Collector | Samurai [Cloud] Collector | Samurai [Cloud Native] Collector |
---|---|---|
Cisco Secure Endpoint logs and data are collected via REST API.
To complete this Integration you will need to:
1) Within the Cisco Secure Endpoint web interface
2) From Cisco Secure Malware Analytics
3) From the Samurai MDR portal:
Determine API Endpoint
The URL for API access Secure Endpoint depends on the region the instance is located, at the time of writing the following are available:
- api.amp.cisco.com
- api.apjc.amp.cisco.com
- api.consumer.amp.cisco.com
- api.eu.amp.cisco.com
The URL for API access to Secure Malware Analytics depends on the region the instance is located, at the time of writing the following are available:
Take note of the appropriate URLs as it will be required when completing the Integration within the Samurai MDR portal.
Generate API Credentials
Use the steps below to generate API credentials to allow a Samurai cloud collector to gather telemetry from Secure Endpoint:
You can also refer to Cisco documentation for further information at Generate and Delete API Credentials
Log in to your Cisco Secure Endpoint Instance.
Click Accounts > API Credentials
Click + New API Credential
Add a new API key with the following information:
In the Application name field, enter an appropriate name
From the Scope list, ensure Read & Write is selected
Click Create
The API credentials are displayed
Make a note of the 3rd Party API Client ID and API Key values
The Read & Write scope is required to create the stream for collecting events.
You will need the API Client ID and API Key when completing the integration within the Samurai MDR portal.
Generate Secure Malware Analytics API Credentials
Use these steps to generate API credentials to allow Samurai to gather telemetry from Secure Malware Analytics:
Log in to your Cisco Secure Malware Analytics Instance.
In the top-right click on your account name,then My Account
If no API key has been generated previously, click Generate API Key
Make a note of the API Key
You will need the API Key when completing the integration within the Samurai MDR portal.
Complete the Cisco Secure Endpoint Integration
You will need:
- Devicename (arbitrary name)
- API Endpoint (from Determine API Endpoint)
- API Client ID (from Generate API Credentials)
- API Key (from Generate API Credentials)
- Secure Malware Analytics API Key (from Generate Secure Malware Analytics API Credentials)
Login to the Samurai MDR portal
Click Telemetry and select Integrations
Select Create
Locate and click Cisco Secure Endpoint
Click Next (we leverage a Samurai Cloud Collector)
Enter a Name of Integration
Enter a Description (Optional)
Enter your Devicename
Enter your API Endpoint
Enter your API Client ID
Enter your API Key
Enter your Secure Malware Analytics Endpoint
Enter your Secure Malware Analytics API Key
Click Finish
For general information on Integrations refer to the Integrations article.
Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.