Cisco Advanced Malware Protection (AMP) includes threat intelligence, sandboxing, and malware blocking to detect, contain, and remove malware.
For more information about Cisco and Lucidum, see https://lucidum.io/cisco/.
Creating an API Key for Cisco Advanced Malware Protection
Before configuring the Cisco AMP connector in Lucidum, you must first create an API Key. Lucidum will use the API key to access the Cisco AMP API.
Log in to the admin panel of Cisco AMP.
Click the Accounts menu and choose Business Page.
Under features, click the Regenerate… button beside "3rd Party API Access" to generate the client ID and secure API Key.
View and copy the client ID and API key.
Configuring the Connector for Cisco Advanced Malware Protection
To configure Lucidum to ingest data from Cisco AMP:
Log in to Lucidum.
In the left pane, click Connector.
In the Connector page, click Add Connector.
Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
In the Settings page, enter the following:
URL (required) – The URL of the Cisco AMP API, for example, https://api.amp.cisco.com.
Client ID (required) – The credentials for a user account that has the read permissions to fetch assets.
API Key (required) – The credentials for a user account that has the read permissions to fetch assets.
Verify SSL – For future use.
To test the configuration, click Test.
If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
If the connector is not configured correctly, Lucidum displays an error message.
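The URL, Client ID, and API Key values can also be checked outside Lucidum before they are entered in the Settings page. The following is an added example, not Lucidum or Cisco code. It assumes the Cisco AMP API accepts HTTP Basic authentication with the client ID as user name and the API key as password, and that the read-only path /v1/version is available; the function names are hypothetical.

```python
import base64
import getpass
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def validate_base_url(url):
    """Return the normalised base URL, or raise ValueError if it is unsafe to use."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("URL must use https so the API key is never sent in clear text")
    if not parts.hostname or parts.username or parts.password:
        raise ValueError("URL must name a host and must not embed credentials")
    if parts.query or parts.fragment:
        raise ValueError("URL must be the API base only, without query or fragment")
    return "https://" + parts.netloc + parts.path.rstrip("/")


def build_request(base_url, client_id, api_key, path="/v1/version"):
    """Build (but do not send) a read-only GET request carrying the credentials."""
    if not client_id.strip() or not api_key.strip():
        raise ValueError("Client ID and API key are both required")
    # Assumption: HTTP Basic auth, client ID as user name, API key as password.
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(validate_base_url(base_url) + path, method="GET")
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    return req


def check_credentials(base_url, client_id, api_key, timeout=10):
    """True if the API accepts the pair, False on 401/403; other errors propagate."""
    ctx = ssl.create_default_context()  # certificate and host name checks stay on
    try:
        with urllib.request.urlopen(build_request(base_url, client_id, api_key),
                                    timeout=timeout, context=ctx) as resp:
            return resp.status == 200
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return False
        raise


if __name__ == "__main__":
    # Prompt for the secret so it does not end up in shell history or process lists.
    url = input("URL [https://api.amp.cisco.com]: ") or "https://api.amp.cisco.com"
    ok = check_credentials(url, input("Client ID: "), getpass.getpass("API Key: "))
    print("credentials accepted" if ok else "credentials rejected (401/403)")
```

A TLS or connection error is raised rather than reported as a rejected credential, so a certificate problem is not mistaken for a bad key.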