Cisco Secure Endpoint

    Samurai [Local] Collector | Samurai [Cloud] Collector | Samurai [Cloud Native] Collector

    Cisco Secure Endpoint logs and data are collected via REST API.

    To complete this Integration you will need to:

    1) Within the Cisco Secure Endpoint web interface

    2) From Cisco Secure Malware Analytics

    3) From the Samurai MDR portal:

    Determine API Endpoint

    The URL for API access to Secure Endpoint depends on the region in which the instance is located. At the time of writing, the following are available:

    • api.amp.cisco.com
    • api.apjc.amp.cisco.com
    • api.consumer.amp.cisco.com
    • api.eu.amp.cisco.com

    The URL for API access to Secure Malware Analytics depends on the region in which the instance is located. At the time of writing, the following are available:

    Take note of the appropriate URLs, as they will be required when completing the Integration within the Samurai MDR portal.

    Generate API Credentials

    Use the steps below to generate API credentials to allow a Samurai cloud collector to gather telemetry from Secure Endpoint:

    You can also refer to the Cisco documentation for further information: Generate and Delete API Credentials.

    1. Log in to your Cisco Secure Endpoint Instance.

    2. Click Accounts > API Credentials

    3. Click + New API Credential

    4. Add a new API key with the following information:

      • In the Application name field, enter an appropriate name

      • From the Scope list, ensure Read & Write is selected

      • Click Create

    5. The API credentials are displayed

    6. Make a note of the 3rd Party API Client ID and API Key values

    The Read & Write scope is required to create the stream for collecting events.

    You will need the API Client ID and API Key when completing the integration within the Samurai MDR portal.
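
    Before entering these values in the portal, it is worth confirming that the endpoint is one of the regional hosts listed above and that the credential authenticates, so a Read & Write credential is never sent to a mistyped host. The script below is an added example, not part of the original guide or Samurai's own tooling; it assumes the Secure Endpoint v1 API accepts HTTP Basic authentication (Client ID as username, API Key as password) on `GET /v1/version`, and the environment variable names are hypothetical.

```python
import base64
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Regional Secure Endpoint API hosts listed on this page (at the time of writing).
SECURE_ENDPOINT_HOSTS = {
    "api.amp.cisco.com",
    "api.apjc.amp.cisco.com",
    "api.consumer.amp.cisco.com",
    "api.eu.amp.cisco.com",
}

def normalize_endpoint(value):
    """Return the bare API host, or raise ValueError if it is not a listed one."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "https://" + value)
    if parts.scheme != "https":
        raise ValueError("API endpoint must be reached over https")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("API endpoint must not carry userinfo or a custom port")
    host = (parts.hostname or "").lower()
    if host not in SECURE_ENDPOINT_HOSTS:
        raise ValueError(f"{host!r} is not a listed Secure Endpoint API host")
    return host

def build_version_request(endpoint, client_id, api_key):
    """Build GET /v1/version with HTTP Basic auth (assumed v1 API behaviour)."""
    host = normalize_endpoint(endpoint)  # the credential is only ever sent here
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    request = urllib.request.Request(f"https://{host}/v1/version")
    request.add_header("Authorization", f"Basic {token}")
    request.add_header("Accept", "application/json")
    return request

def check_credentials(endpoint, client_id, api_key):
    """Return the HTTP status of the request; 200 means the credential was accepted."""
    try:
        request = build_version_request(endpoint, client_id, api_key)
        with urllib.request.urlopen(request, timeout=10) as response:
            return response.status
    except urllib.error.HTTPError as err:
        return err.code

if __name__ == "__main__":
    # Hypothetical environment variable names, chosen for this example.
    status = check_credentials(os.environ["SE_API_ENDPOINT"],
                               os.environ["SE_API_CLIENT_ID"],
                               os.environ["SE_API_KEY"])
    print("credential accepted" if status == 200 else f"check failed: HTTP {status}")
```

    A 200 response confirms only that the credential authenticates; it does not confirm that the Read & Write scope was selected.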

    Generate Secure Malware Analytics API Credentials

    Use these steps to generate API credentials to allow Samurai to gather telemetry from Secure Malware Analytics:

    1. Log in to your Cisco Secure Malware Analytics Instance.

    2. In the top-right, click your account name, then My Account

    3. If no API key has been generated previously, click Generate API Key

    4. Make a note of the API Key

    You will need the API Key when completing the integration within the Samurai MDR portal.

    Complete the Cisco Secure Endpoint Integration

    You will need:

    1. Log in to the Samurai MDR portal

    2. Click Telemetry and select Integrations

    3. Select Create

    4. Locate and click Cisco Secure Endpoint

    5. Click Next (we leverage a Samurai Cloud Collector)

    6. Enter a Name of Integration

    7. Enter a Description (Optional)

    8. Enter your Devicename 

    9. Enter your API Endpoint

    10. Enter your API Client ID

    11. Enter your API Key

    12. Enter your Secure Malware Analytics Endpoint

    13. Enter your Secure Malware Analytics API Key

    14. Click Finish

    For general information on Integrations refer to the Integrations article.

    Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.