Cisco Secure Endpoint
Version: Cisco® Secure Endpoint
Cisco® Secure Endpoint (formerly AMP for Endpoints) integrates prevention, detection, threat hunting, and response capabilities in a single solution, leveraging the power of cloud-based analytics. Secure Endpoint will protect your Windows, Mac, Linux, Android, and iOS devices through public or private cloud deployment.
Netsurion Open XDR seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and user behavior monitoring.
Netsurion Data Source Integration for Cisco® Secure Endpoint allows you to monitor the following components:
- Security – Alerts and reports for all security-related events.
- Operation – Operation report covering event types such as Uninstall, Policy update, and Threat Quarantined.
Once Cisco® Secure Endpoint is configured to deliver events to the Netsurion Open XDR Manager, the alerts, dashboards, and reports can be configured in Netsurion Open XDR.
The key Data Source Integration alerts and reports available in Netsurion Open XDR are listed below.
Alerts
Type | Name | Description |
---|---|---|
Security | Cisco® Secure Endpoint – Risk Detected | This alert is generated when a risk is detected for an event_type_id such as 1091567628, 1090519054, 1005, or 1090524040. |
Reports
Type | Name | Description |
---|---|---|
Security | Cisco® Secure Endpoint – Events | This report provides information about all events generated by Cisco® Secure Endpoint. |
Operations | Cisco® Secure Endpoint – Events | This report provides information about all events generated by Cisco® Secure Endpoint. |
Documentation
The configuration details are consistent with Netsurion Open XDR 9.3 and later, and Cisco® Secure Endpoint.
Download the How-to Guide and Integration Guide for configuration instructions and more information.