Cisco AMP

Cisco AMP is an intelligence-powered, integrated, enterprise-class advanced malware analysis and protection solution.

Integration with LogicHub

Connecting with Cisco AMP

To connect to Cisco AMP, the following details are required:

  • Label: Connection name.
  • Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com, where hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.
  • API Client ID: The API Client ID used to connect to Cisco AMP.
  • API Key: The API key used to connect to Cisco AMP.

Actions with Cisco AMP

Get Events

Retrieve events. This is analogous to the Events view on the Cisco AMP Console.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • Detection SHA256 (Optional): Returns events matching Detection SHA256.
  • Application SHA256 (Optional): Returns events matching Application SHA256.
  • Connector GUID (Optional): Returns events matching Connector GUID.
  • Group GUID (Optional): Returns events matching Group GUID.
  • Event Type (Optional): Returns events matching the given Event Type IDs, e.g. 1090519054, 1090519084.
  • Max Events (Optional): The number of events to return. Possible values are 1 through 50000 (default is 1000).

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
  • result: The events matching the filters supplied to the action.
{
   "has_error": false,
   "noResults": "no results returned",
   "error": null
}

Add to File List

Adds a SHA-256 to a File List.

Inputs to this Action:

  • Connections: Choose a connection that you have created.
  • File List GUID: GUID of File List.
  • SHA-256: Column name from parent table containing SHA-256.

Output of Action:
JSON containing the following items:

  • has_error: True/False
  • error: message/null
{
   "has_error": true,
   "error": "The value of SHA256 is empty."
}
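The two actions above map onto the Cisco AMP for Endpoints REST API. The following added example (not LogicHub's or Cisco's code) shows how the documented inputs turn into a request and how the has_error / error / result envelope is produced, including the empty-SHA256 error and the "no results returned" case shown above. The endpoint paths (GET /v1/events, POST /v1/file_lists/{guid}/files/{sha256}), the query parameter names, the api.amp.cisco.com base URL and the HTTP Basic authentication scheme are assumptions based on the public AMP API, not taken from this page; no network call is made, so it runs offline.

```python
"""Build and validate Cisco AMP API calls for the Get Events and Add to File List actions.

Added example, not LogicHub's or Cisco's code. Endpoint paths, parameter names,
base URL and Basic-auth scheme are assumptions based on the public Cisco AMP for
Endpoints API. Functions return the prepared request plus the LogicHub-style
envelope instead of performing HTTP, so behaviour can be checked offline.
"""
import base64
import re
from typing import Any, Dict, List, Optional

AMP_BASE_URL = "https://api.amp.cisco.com/v1"   # assumption: North America cloud host
SHA256_RE = re.compile(r"^[0-9a-fA-F]{64}$")


def auth_header(client_id: str, api_key: str) -> Dict[str, str]:
    """Assumption: AMP uses HTTP Basic auth with the API Client ID as user and the API Key as password."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return {"Authorization": f"Basic {token}", "Accept": "application/json"}


def envelope(result: Any = None, error: Optional[str] = None) -> Dict[str, Any]:
    """The has_error / error / result shape documented for both actions."""
    out: Dict[str, Any] = {"has_error": error is not None, "error": error}
    if error is None:
        out["result"] = result
    return out


def build_get_events(detection_sha256=None, application_sha256=None,
                     connector_guid=None, group_guid=None,
                     event_type=None, max_events=1000) -> Dict[str, Any]:
    """Translate the optional Get Events inputs into query parameters.

    Comma-separated Event Type IDs (e.g. "1090519054,1090519084") become a list,
    mirroring the array parameters the AMP API accepts (assumed names). Max Events
    is range-checked against the documented 1..50000 window.
    """
    if not (1 <= int(max_events) <= 50000):
        return envelope(error="Max Events must be between 1 and 50000.")
    params: Dict[str, Any] = {"limit": int(max_events)}
    for key, value in (("detection_sha256", detection_sha256),
                       ("application_sha256", application_sha256),
                       ("connector_guid[]", connector_guid),
                       ("group_guid[]", group_guid)):
        if value:
            params[key] = value
    if event_type:
        ids = [t.strip() for t in str(event_type).split(",") if t.strip()]
        if not all(t.isdigit() for t in ids):
            return envelope(error="Event Type must be comma-separated numeric IDs.")
        params["event_type[]"] = [int(t) for t in ids]
    return envelope({"method": "GET", "url": f"{AMP_BASE_URL}/events", "params": params})


def build_add_to_file_list(file_list_guid: str, sha256: Optional[str]) -> Dict[str, Any]:
    """Prepare the Add to File List call, reproducing the empty-SHA256 error shown above."""
    if not sha256 or not str(sha256).strip():
        return envelope(error="The value of SHA256 is empty.")
    sha256 = sha256.strip().lower()
    if not SHA256_RE.fullmatch(sha256):
        return envelope(error="The value of SHA256 is not a 64-character hex digest.")
    if not file_list_guid:
        return envelope(error="The value of File List GUID is empty.")
    return envelope({"method": "POST",
                     "url": f"{AMP_BASE_URL}/file_lists/{file_list_guid}/files/{sha256}"})


def parse_events_response(body: Dict[str, Any]) -> Dict[str, Any]:
    """Wrap a raw /v1/events JSON body (events under "data", assumed) into the action's output."""
    events: List[Dict[str, Any]] = body.get("data", [])
    if not events:
        return {"has_error": False, "noResults": "no results returned", "error": None}
    return envelope(events)


if __name__ == "__main__":
    # Constructed sample values, not real credentials, GUIDs or hashes.
    print(auth_header("client-id-placeholder", "api-key-placeholder"))
    print(build_get_events(event_type="1090519054,1090519084", max_events=50))
    print(build_add_to_file_list("file-list-guid-placeholder", ""))
    print(parse_events_response({"data": []}))
```

Validating the SHA-256 column value before the request is the useful part in a playbook: an empty or malformed hash from the parent table is rejected locally with the same error text the action returns, rather than producing a failed API call downstream.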