Cisco Secure Endpoint

Version: Cisco® Secure Endpoint

Cisco® Secure Endpoint (formerly AMP for Endpoints) integrates prevention, detection, threat hunting, and response capabilities in a single solution, leveraging cloud-based analytics. Secure Endpoint protects Windows, Mac, Linux, Android, and iOS devices, whether deployed through the public cloud or a private cloud.

Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and user behavior monitoring.

Netsurion Data Source Integration for Cisco® Secure Endpoint allows you to monitor the following components:

  • Security – Alerts and reports for all security-related events.
  • Operation – Operational reports covering event types such as Uninstall, Policy Update, and Threat Quarantined.

Once Cisco® Secure Endpoint is configured to deliver events to the Netsurion Open XDR Manager, the alerts, dashboards, and reports below can be configured in Netsurion Open XDR.

The following are the key Data Source Integration components available in Netsurion Open XDR.

Alerts

Type        Name                                      Description
Security    Cisco® Secure Endpoint – Risk Detected    This alert is generated when a risk is detected, i.e. when an event arrives with an event_type_id such as 1091567628, 1090519054, 1005, or 1090524040.
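As an added illustration of the matching logic behind the Risk Detected alert (this is example code written for this page, not Netsurion's or Cisco's own implementation), the script below parses a batch of JSON events and raises an alert record for each event whose event_type_id is one of the IDs listed above. The event field names (event_type_id, event_type, date, computer.hostname) and the sample events themselves are assumptions constructed for the example; the non-risk event uses a placeholder id of 0 rather than a real Cisco event type. Malformed lines and string-typed IDs are handled so that one bad record does not drop the whole batch.

```python
import json
from typing import Any, Dict, Iterable, List

# event_type_id values the page lists as triggers for the "Risk Detected" alert.
RISK_EVENT_TYPE_IDS = {1091567628, 1090519054, 1005, 1090524040}


def parse_events(lines: Iterable[str]) -> List[Dict[str, Any]]:
    """Parse one JSON event per line; skip blank or malformed lines instead of aborting the batch."""
    events: List[Dict[str, Any]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            # A broken line should not stop the rest of the batch from being evaluated.
            continue
        if isinstance(obj, dict):
            events.append(obj)
    return events


def is_risk_event(event: Dict[str, Any]) -> bool:
    """True when event_type_id is one of the listed risk IDs; tolerates IDs delivered as strings."""
    try:
        type_id = int(event.get("event_type_id"))
    except (TypeError, ValueError):
        return False
    return type_id in RISK_EVENT_TYPE_IDS


def risk_alerts(events: Iterable[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Build one alert record per risk event, carrying the fields an analyst needs for triage."""
    alerts: List[Dict[str, Any]] = []
    for ev in events:
        if not is_risk_event(ev):
            continue
        computer = ev.get("computer") or {}  # assumed nested field, see lead-in
        alerts.append({
            "alert": "Cisco Secure Endpoint - Risk Detected",
            "event_type_id": int(ev["event_type_id"]),
            "event_type": ev.get("event_type", "unknown"),
            "hostname": computer.get("hostname", "unknown"),
            "date": ev.get("date"),
        })
    return alerts


# Constructed sample batch (not captured from a real deployment): three risk events,
# one non-risk operational event with a placeholder id, and one malformed line.
SAMPLE_EVENT_LINES = [
    '{"event_type_id": 1090519054, "event_type": "Threat Detected", '
    '"date": "2024-01-01T10:00:00Z", "computer": {"hostname": "ws-01"}}',
    '{"event_type_id": 1005, "event_type": "Risk Event", '
    '"date": "2024-01-01T10:01:00Z", "computer": {"hostname": "ws-02"}}',
    '{"event_type_id": "1091567628", "event_type": "Risk Event", '
    '"date": "2024-01-01T10:02:00Z", "computer": {"hostname": "ws-03"}}',
    '{"event_type_id": 0, "event_type": "Policy Update", '
    '"date": "2024-01-01T10:03:00Z", "computer": {"hostname": "ws-04"}}',
    'this line is not JSON {',
]


if __name__ == "__main__":
    for alert in risk_alerts(parse_events(SAMPLE_EVENT_LINES)):
        print(alert)
```

Running the script prints three alert records (for ws-01, ws-02 and ws-03); the Policy Update event and the malformed line produce nothing. In a real pipeline the same filter would sit in front of whatever forwards events to the Netsurion Open XDR Manager, with the ID set extended as new event types are mapped.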

Reports

Type         Name                               Description
Security     Cisco® Secure Endpoint – Events    This report gives information about all the events generated by Cisco® Secure Endpoint.
Operations   Cisco® Secure Endpoint – Events    This report gives information about all the events generated by Cisco® Secure Endpoint.

Documentation

The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Cisco® Secure Endpoint.

Download the How-to Guide and Integration Guide for configuration instructions and more information.