Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we shall get it updated.
Product | Samurai [Local] Collector | Samurai [Cloud] Collector |
Cisco Secure Endpoint | | |
Cisco Secure Endpoint logs and data are collected via REST API.
To complete this Integration you will need to:
1) Within the Cisco Secure Endpoint web interface
2) From Cisco Secure Malware Analytics
3) From the Samurai application:
Determine API Endpoint
The URL for API access to Secure Endpoint depends on the region in which the instance is located. At the time of writing, the following are available:
- api.amp.cisco.com
- api.apjc.amp.cisco.com
- api.consumer.amp.cisco.com
- api.eu.amp.cisco.com
The URL for API access to Secure Malware Analytics depends on the region in which the instance is located. At the time of writing, the following are available:
- https://panacea.threatgrid.com
- https://panacea.threatgrid.eu
Take note of the appropriate URLs, as they will be required when completing the Integration within the Samurai MDR application.
Generate API Credentials
You can also refer to the Cisco documentation, Generate and Delete API Credentials, for further information.
Use the steps below to generate API credentials that allow a Samurai cloud collector to gather telemetry from Secure Endpoint:
- Log in to your Cisco Secure Endpoint Instance.
- Click Accounts > API Credentials
- Click + New API Credential
- Add a new API key with the following information:
  - In the Application name field, enter an appropriate name
  - From the Scope list, ensure Read & Write is selected
- Click Create
- The API credentials are displayed
- Make a note of the 3rd Party API Client ID and API Key values
The Read & Write scope is required to create the stream for collecting events.
You will need the API Client ID and API Key when completing the integration within the Samurai application.
Generate Secure Malware Analytics API Credentials
Use these steps to generate API credentials to allow Samurai to gather telemetry from Secure Malware Analytics:
- Log in to your Cisco Secure Malware Analytics Instance.
- In the top-right click on your account name, then My Account
- If no API key has been generated previously, click Generate API Key
- Make a note of the API Key
You will need the API Key when completing the integration within the Samurai application.
Complete the Cisco Secure Endpoint Integration
You will need:
- Devicename (arbitrary name)
- API Endpoint (from Determine API Endpoint)
- API Client ID (from Generate API Credentials)
- API Key (from Generate API Credentials)
- Secure Malware Analytics API Key (from Generate Secure Malware Analytics API Credentials)
- Log in to the Samurai MDR web application
- Select Integrations
- Select Create
- Locate and click Cisco Secure Endpoint
- Click Next (we leverage a Samurai Cloud Collector)
- Enter a Name of Integration
- Enter a Description (Optional)
- Enter your Devicename
- Enter your API Endpoint
- Enter your API Client ID
- Enter your API Key
- Enter your Secure Malware Analytics Endpoint
- Enter your Secure Malware Analytics API Key
- Click Finish
For general information on Integrations refer to the Integrations article.