Cisco Secure Endpoint
Version: 1.0.2
Cisco Secure Endpoint offers cloud-delivered next-generation antivirus and advanced endpoint detection and response.
Connect Cisco Secure Endpoint with LogicHub
- Navigate to Automations > Integrations.
- Search for Cisco Secure Endpoint.
- Click Details, then the + icon. Enter the required information in the following fields.
  - Label: Enter a connection name.
  - Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  - Verify SSL: Select whether to verify the connecting server's SSL certificate (default: Verify SSL Certificate).
  - Remote Agent: Run this integration using the LogicHub Remote Agent.
  - Cisco Secure Endpoint API URL: Cisco Secure Endpoint API to use.
  - Username: Username to connect to the Cisco Secure Endpoint.
  - Password: Password to connect to the Cisco Secure Endpoint.
- After you've entered all the details, click Connect.
Actions for Cisco Secure Endpoint
Get Application Blocking File Lists
Get a list of application blocking file lists.
Input Field
Choose a connection that you have previously created.
Output
JSON containing the following items:
{
  "data": [
    {
      "name": "OUP - Application Block",
      "guid": "bdb9581853",
      "type": "application_blocking",
      "links": {
        "file_list": "https://api.eu.amp.cisco.com/v1/file_lists/bf76c3"
      }
    },
    {
      "name": "Test-Blocklist",
      "guid": "a88ab591",
      "type": "application_blocking",
      "links": {
        "file_list": "https://api.eu.amp.cisco.com/v1/file_lists/a88530"
      }
    }
  ],
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.eu.amp.cisco.com/v1/file_lists/application_blocking"
    },
    "results": {
      "total": 2,
      "current_item_count": 2,
      "index": 0,
      "items_per_page": 500
    }
  }
}
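A playbook step that consumes this output usually needs the guid of one list for the later file-list actions. The following is an added example, not LogicHub or Cisco code: it resolves a list name to its guid and stops on an error, an incomplete page or an ambiguous name. The list names and guids are constructed, and reading `index` as an offset is an assumption.

```python
# Added example, not LogicHub or Cisco code. Field names follow the sample
# output above; list names and guids in the sample are constructed.


class FileListError(Exception):
    """The response cannot be trusted to select a block list."""


def resolve_blocklist_guid(response, name):
    """Return the guid of the application_blocking list called `name`."""
    if response.get("has_error"):
        raise FileListError(f"action failed: {response.get('error')}")

    # Assumption: `index` is the offset of the first returned item, so a
    # total above index + current_item_count means lists are missing.
    results = response.get("metadata", {}).get("results", {})
    seen = results.get("index", 0) + results.get("current_item_count", 0)
    total = results.get("total", 0)
    if total > seen:
        raise FileListError(f"incomplete page: {seen} of {total} lists")

    matches = [
        entry for entry in response.get("data", [])
        if entry.get("name") == name
        and entry.get("type") == "application_blocking"
    ]
    if len(matches) != 1:
        # Zero matches or duplicate names: never guess which list to edit.
        raise FileListError(f"{len(matches)} lists named {name!r}")
    return matches[0]["guid"]


def make_sample(total=2):
    """Constructed response with the same shape as the output above."""
    return {
        "data": [
            {"name": "Blocklist-A", "guid": "guid-a", "type": "application_blocking"},
            {"name": "Blocklist-B", "guid": "guid-b", "type": "application_blocking"},
        ],
        "has_error": False,
        "error": None,
        "metadata": {"results": {"total": total, "current_item_count": 2,
                                 "index": 0, "items_per_page": 500}},
    }


if __name__ == "__main__":
    print(resolve_blocklist_guid(make_sample(), "Blocklist-B"))
```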
Get File List
Get a particular file list for application blocking or simple custom detection. You need to provide a file_list_guid to retrieve information about a particular file_list.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
Output
JSON containing the following items:
{
  "data": {
    "name": "OUP - Application Block",
    "guid": "bdb95fbf",
    "type": "application_blocking",
    "links": {
      "details": "https://api.amp.cisco.com/v1/file_lists/bdb53/files"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb53"
    }
  }
}
Get File List Item
Fetch the file list items associated with the file list identified by the given file_list_guid. Example: {{file_list_id}}
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
Params | Jinja-templated JSON containing parameters. Example: {"limit":1} | Required |
Output
JSON containing the following items:
{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}
Get File List Item Hash
Fetch the file list item with a given SHA-256 from the file list identified by the given file_list_guid.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
Hash | Jinja-templated text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required |
Output
JSON containing the following items:
{
  "data": {
    "sha256": "51461b83f3b8afbcae46145be60f7ff11b5609234f1a2341283ad49c03121e6cafe",
    "description": "Maze Ransomware Hashes",
    "source": "Created from SHAs in File Hashes.txt from 193.63.239.133: ",
    "links": {
      "file_list": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf"
    }
  },
  "version": "v1.2.0",
  "has_error": false,
  "error": null,
  "metadata": {
    "links": {
      "self": "https://api.amp.cisco.com/v1/file_lists/bdb95fbf/files/51461b49c03121e6cafe"
    }
  }
}
Create File List Item
Create a file list item with a given SHA-256 for a specific file list with a given file_list_guid.
Input Field
Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.
Input Name | Description | Required |
---|---|---|
File List Guid | Jinja-templated text containing file list guid. Example: {{file_list_id}}. | Required |
Hash | Jinja-templated text containing sha256 hash of the list item. Example: {{sha256_hash}}. | Required |
Output
JSON containing the following items:
{
  "has_error": false,
  "result": {}
}
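Because this action writes to a block list, it is worth checking the Hash input before the call. The following is an added example, not LogicHub or Cisco code: it accepts only well-formed SHA-256 values and skips hashes that a Get File List Item Hash output already shows on the target list. All hashes, guids and URLs are constructed, and treating an errored lookup as "not on the list" is an assumption.

```python
# Added example, not LogicHub or Cisco code. Response shapes follow the
# outputs on this page; every hash, guid and URL below is constructed.
import re

SHA256_RE = re.compile(r"[0-9a-f]{64}")


def normalise_sha256(value):
    """Return the lower-cased digest, or None if it is not SHA-256 hex."""
    candidate = value.strip().lower()
    return candidate if SHA256_RE.fullmatch(candidate) else None


def already_listed(lookup, file_list_guid, sha256):
    """True if a Get File List Item Hash output shows the hash on the list."""
    if lookup is None or lookup.get("has_error"):
        return False  # assumption: an absent item comes back as an error
    data = lookup.get("data") or {}
    list_url = data.get("links", {}).get("file_list", "")
    return (data.get("sha256", "").lower() == sha256
            and list_url.rstrip("/").endswith("/" + file_list_guid))


def plan_additions(candidates, lookups, file_list_guid):
    """Sort raw indicator strings into hashes to create, skip or reject."""
    plan = {"create": [], "skip": [], "reject": []}
    for raw in candidates:
        sha256 = normalise_sha256(raw)
        if sha256 is None:
            plan["reject"].append(raw)  # MD5, SHA-1, truncated or padded
        elif sha256 in plan["create"] or already_listed(
                lookups.get(sha256), file_list_guid, sha256):
            plan["skip"].append(sha256)  # duplicate input or already present
        else:
            plan["create"].append(sha256)
    return plan


def demo():
    """Run the plan over constructed input for a list with guid 'guid-a'."""
    present = "b" * 64
    lookups = {present: {"has_error": False, "data": {
        "sha256": present,
        "links": {"file_list": "https://api.example.invalid/v1/file_lists/guid-a"}}}}
    candidates = ["A" * 64, "a" * 64 + "\n", present, "c" * 32, "d" * 40]
    return plan_additions(candidates, lookups, "guid-a")


if __name__ == "__main__":
    print(demo())
```

Only the values under `create` would be passed to the Hash input; rejected strings are kept as received so they can be reviewed.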
Release Notes
v1.0.2
- Bug fix: API-POST issue with Create File List Item
v1.0.1
- Initial release