
Customer

Customer is a leading SIEM solution provider.

They provide a platform for companies to aggregate and act upon Threat Intelligence.

Requirement

The customer asked Sacumen to build a Connector integrating their platform with Cisco AMP Endpoint event monitoring, so that it can collect events and perform orchestration actions such as isolating or unisolating a host based on file hash or IP address, changing a host's group, and adding entries to an IOC list in response to a security alert or event.


Technology Solution

Sacumen developed the Connector app to integrate with Cisco AMP using Java and Apache REST components. The Connector app performs the following actions:

1. Set up the prerequisites
   - Log in to Cisco AMP Endpoint.
   - Set up the Connector app.
   - Authenticate against the REST API with HTTP Basic Auth, using the Client ID and API Key as credentials.

2. Collect the events
   - Collect events based on a filter such as event type and event creation date.
   - Sample the collected records to calculate the estimated EPS (events per second).
   - Calculate the error rate.
   - Calculate bandwidth consumption.

3. Perform orchestration actions such as isolating a host, changing a host's group, and adding a host to the IOC list.
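The collection step above (filter by event type and creation date, then derive EPS, error rate and bandwidth from what was fetched) is shown here as an added Python example; it is not the Connector's own Java code. The event records and request log are constructed sample data, and their field names are assumptions, not the Cisco AMP API schema.

```python
from datetime import datetime

# Constructed sample events (not real Cisco AMP data); field names are assumptions.
SAMPLE_EVENTS = [
    {"date": "2023-01-01T10:00:00+00:00", "event_type": "Threat Detected", "sha256": "aa"},
    {"date": "2023-01-01T10:00:05+00:00", "event_type": "Threat Quarantined", "sha256": "aa"},
    {"date": "2023-01-01T10:00:20+00:00", "event_type": "Threat Detected", "sha256": "bb"},
    {"date": "2022-12-31T09:00:00+00:00", "event_type": "Threat Detected", "sha256": "cc"},
]
# Constructed log of the collector's API calls: HTTP status, response size, wall time.
SAMPLE_REQUESTS = [
    {"status": 200, "bytes": 4096, "seconds": 0.5},
    {"status": 200, "bytes": 2048, "seconds": 0.5},
    {"status": 429, "bytes": 128, "seconds": 0.2},   # rate limited
    {"status": 500, "bytes": 64, "seconds": 0.8},    # server error
]

def filter_events(events, event_types=None, start=None):
    """Keep events of the wanted types created at or after `start` (ISO 8601)."""
    start_dt = datetime.fromisoformat(start) if start else None
    kept = []
    for ev in events:
        created = datetime.fromisoformat(ev["date"])
        if event_types and ev["event_type"] not in event_types:
            continue
        if start_dt and created < start_dt:
            continue
        kept.append(ev)
    return kept

def estimate_eps(events):
    """Events per second over the span from the oldest to the newest sampled event."""
    if len(events) < 2:
        return 0.0
    stamps = sorted(datetime.fromisoformat(e["date"]) for e in events)
    span = (stamps[-1] - stamps[0]).total_seconds()
    return len(events) / span if span > 0 else 0.0

def error_rate(requests):
    """Fraction of API calls that did not return an HTTP 2xx status."""
    failed = sum(1 for r in requests if not 200 <= r["status"] < 300)
    return failed / len(requests) if requests else 0.0

def bandwidth_bps(requests):
    """Average bytes per second transferred across all API calls."""
    total_bytes = sum(r["bytes"] for r in requests)
    total_time = sum(r["seconds"] for r in requests)
    return total_bytes / total_time if total_time > 0 else 0.0
```

A retry on 429 should count as a new request so that throttling shows up in the error rate rather than being hidden.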
