Cisco Secure Endpoint

Version: Cisco® Secure Endpoint

Cisco® Secure Endpoint (formerly AMP for Endpoints) integrates prevention, detection, threat hunting, and response capabilities in a single solution, leveraging the power of cloud-based analytics. Secure Endpoint will protect your Windows, Mac, Linux, Android, and iOS devices through public or private cloud deployment.

Netsurion seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and user behavior monitoring.

Netsurion Data Source Integration for Cisco® Secure Endpoint allows you to monitor the following components:

  • Security – Alerts and reports for all security-related events.
  • Operation – Operation report for event types such as Uninstall, Policy update, Threat Quarantined, etc.

After Cisco® Secure Endpoint is configured to deliver events to Netsurion Manager, the alerts, dashboards, and reports can be configured in Netsurion.

Alerts

Type | Name | Description
Security | Cisco® Secure Endpoint - Risk Detected | This alert is generated when a risk is detected for an event_type_id such as 1091567628, 1090519054, 1005, 1090524040, etc.

Reports

Type | Name | Description
Security | Cisco® Secure Endpoint - Events | This report gives information about all the events generated by Cisco® Secure Endpoint.
Operations | Cisco® Secure Endpoint - Events | This report gives information about all the events generated by Cisco® Secure Endpoint.

Documentation

The configuration details are consistent with Netsurion version 9.3 and later, and Cisco® Secure Endpoint.

Download the How-to Guide and Integration Guide for more information and configuration instructions.
