Cisco AMP API Integration with Chronicle Forwarder/SecOps

  • March 25, 2025
  • 3 replies
  • 72 views

horongshen

I have a log source integration for a customer for Cisco AMP via API. How do I go about doing this?

I have managed to get the API Key and Secret Key on Cisco AMP. I tried to find relevant information in the Google documentation, https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/cisco-amp?hl=en but this is for SOAR, which is not what I want. Does anyone here have any clue, or can anyone point me in the right direction, please? Thank you!

3 replies

dnehoda
  • Staff
  • March 25, 2025

There is not a direct 3rd party API for Cisco AMP.  

You can use a webhook or you could send that data to a storage bucket in GCP or AWS.  


horongshen
  • Author
  • New Member
  • March 27, 2025

Thanks @dnehoda, is there some kind of read-up or guide available for using a webhook for Cisco AMP?


cmorris
  • Staff
  • March 27, 2025

Thanks @dnehoda, is there some kind of read-up or guide available for using a webhook for Cisco AMP?


Not for Cisco AMP specifically, but for webhooks in general - https://cloud.google.com/chronicle/docs/administration/feed-management#setup-webhook

You can add it through SIEM Settings > Feeds: