Cisco Secure Endpoint

Applies To: Cisco^® Secure Endpoint

Overview

Cisco^® Secure Endpoint (formerly AMP for Endpoints) integrates prevention, detection, threat hunting, and response capabilities in a single solution, leveraging the power of cloud-based analytics. Secure Endpoint will protect your Windows, Mac, Linux, Android, and iOS devices through a public or private cloud deployment.

EventTracker is a Managed Threat Protection platform that seamlessly combines SIEM, Log Management, File Integrity Monitoring, machine analytics, and user behavior monitoring.

EventTracker Knowledge Pack for Cisco^® Secure Endpoint allows you to monitor the following components:

• Security – Detects threats, suspicious activity, vulnerable applications, and details faults.
• Operation - Scan started and completed and system policy and update installed and deleted details.

After Cisco^® Secure Endpoint is configured to deliver events to EventTracker Manager, then the alerts, dashboards, and reports can be configured into EventTracker.

Scope

The configuration details are consistent with EventTracker version 9.3 and later, and Cisco® Secure Endpoint.

Documentation

To configure Cisco® Secure Endpoint to send logs to EventTracker, refer to the How-to Guide.

For more information, please refer to the Integration guide.