Cisco Secure Endpoint

Version: 1.0.2

Cisco Secure Endpoint offers cloud-delivered next-generation antivirus and advanced endpoint detection and response.

Connect Cisco Secure Endpoint with LogicHub

  1. Navigate to Automations > Integrations.
  2. Search for Cisco Secure Endpoint.
  3. Click Details, then the + icon. Enter the required information in the following fields.
    • Label: Enter a connection name.
    • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
    • Verify SSL: Select this option to verify the connecting server's SSL certificate (default: Verify SSL Certificate).
    • Remote Agent: Run this integration using the LogicHub Remote Agent.
    • Cisco Secure Endpoint API URL: Cisco Secure Endpoint API to use.
    • Username: Username to connect to the Cisco Secure Endpoint.
    • Password: Password to connect to the Cisco Secure Endpoint.
  4. After you've entered all the details, click Connect.

Actions for Cisco Secure Endpoint

Get Application Blocking File Lists

Get a list of application blocking file lists.

Input Field

Choose a connection that you have previously created.

Output

JSON containing the following items:

{
  "data": [
    {
      "name": "OUP - Application Block",
      "guid": "bdb9581853",
      "type": "application_blocking",
      "links": {
        "file_list": "https://api.eu.amp.cisco.com/v1/file_lists/bf76c3"
      }
    },
    {
      "name": "Test-Blocklist",
      "guid": "a88ab591",
      "type": "application_blocking",
      "links": {
        "file_list": "https://api.eu.amp.cisco.com/v1/file_lists/a88530"
      }
    }
  ],
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/file_lists/application_blocking"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 500
    }
  }
}

Get File List

Get a particular file list for application blocking or simple custom detection. You need to provide a file_list_guid to retrieve information about a particular file_list.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
--- | --- | ---
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required

Output

JSON containing the following items:

{
  "data": {
    "name": "OUP - Application Block",
    "guid": "bdb95fbf",
    "type": "application_blocking",
    "links": {
      "details": "https://api.amp.cisco.com/v1/file_lists/bdb53/files"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb53"
    }
  }
}

Get File List Item

Fetch the file list items associated with a specific file list with the given file_list_guid. Example: {{file_list_id}}

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
--- | --- | ---
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required
Params | Jinja-templated JSON containing parameters. Example: {"limit":1} | Required

Output

JSON containing the following items:

{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}

Get File List Item Hash

Fetch the file list item with a given SHA-256 that is associated with the file list for the given file_list_guid.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
--- | --- | ---
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required
Hash | Jinja-templated text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required

Output

JSON containing the following items:

{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}

Create File List Item

Create a file list item with a given SHA-256 for a specific file list with a given file_list_guid.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name | Description | Required
--- | --- | ---
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required
Hash | Jinja-templated text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required

Output

JSON containing the following items:

{
   "has_error": false,
   "result": {}
}
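
Added example, not part of the LogicHub or Cisco documentation: a Python helper that turns the Get Application Blocking File Lists output into the two inputs of Create File List Item, and refuses to proceed on an error flag, a partial page, an ambiguous list name or a malformed SHA-256. The list names, guids and hash are constructed, and the function names are hypothetical; file_list_id and sha256_hash are the template variables used in the examples above.

```python
import hashlib
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")

# Constructed sample shaped like the "Get Application Blocking File Lists" output.
SAMPLE_LISTS = {
    "data": [
        {"name": "Example-Blocklist-A", "guid": "00000000-aaaa", "type": "application_blocking"},
        {"name": "Example-Blocklist-B", "guid": "00000000-bbbb", "type": "application_blocking"},
    ],
    "has_error": False,
    "error": None,
    "metadata": {"results": {"total": 2, "current_item_count": 2,
                             "index": 0, "items_per_page": 500}},
}
# Constructed hash value (digest of a fixed byte string, not a real sample).
SAMPLE_HASH = hashlib.sha256(b"constructed sample file").hexdigest()


def resolve_list_guid(response, list_name):
    """Return the guid of the single application-blocking list named list_name."""
    if response.get("has_error"):
        raise RuntimeError(f"integration reported an error: {response.get('error')}")
    results = response.get("metadata", {}).get("results", {})
    if results.get("current_item_count", 0) < results.get("total", 0):
        # Only part of the result set is present, so a missing name proves nothing.
        raise RuntimeError("response is paginated; fetch the remaining pages first")
    matches = [entry["guid"] for entry in response.get("data", [])
               if entry.get("name") == list_name
               and entry.get("type") == "application_blocking"]
    if len(matches) != 1:
        raise LookupError(f"expected one list named {list_name!r}, found {len(matches)}")
    return matches[0]


def normalize_sha256(value):
    """Lower-case and strictly validate a SHA-256 before it is templated into an action."""
    candidate = value.strip().lower()
    if not SHA256_RE.fullmatch(candidate):
        raise ValueError("not a 64-character hexadecimal SHA-256")
    return candidate


def build_create_item_inputs(response, list_name, sha256):
    """Build the File List Guid and Hash inputs for Create File List Item."""
    return {"file_list_id": resolve_list_guid(response, list_name),
            "sha256_hash": normalize_sha256(sha256)}
```

Running Get File List Item Hash with the same two values before Create File List Item shows whether the hash is already on the list.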

Release Notes

  • v1.0.2 - Bug fix: API-POST issue with Create File List Item
  • v1.0.1 - Initial release

© Devo Technology Inc. All Rights Reserved.