Perch integrates with Cisco Advanced Malware Protection (AMP) for Endpoints to pull data feeds or events from AMP for Endpoints. You need a license for AMP for Endpoints and three pieces of information from AMP: the associated region (US, EU, APAC), the ClientID, and the API Key.
You can get all of this information from the Cisco AMP for Endpoints admin panel.
To set up the integration:
On the Cisco AMP for Endpoints integration page, enter the required information: API region, ClientID, and API key. Then save and test your integration. After a successful test, enable log collection.
Perch will regularly poll Cisco to record integration health. If integration health checks are failing, Perch is unable to pull events from Cisco AMP for Endpoints.
Perch will collect all available events from Cisco AMP for Endpoints. When you first set up the integration, Perch will request the last 24 hours of logs and then update at 15-minute intervals. Cisco AMP for Endpoints customers are subject to API rate limits, and once the rate limit has been reached Perch may be unable to collect logs. If a pull fails, Perch will keep track of it and re-request the data when the Cisco endpoint is healthy.
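The collection behaviour described above (24-hour initial backfill, 15-minute polling, failed pulls tracked and re-requested) can be sketched as follows. This is an added illustration, not Perch's code: `WindowCollector`, `RateLimited`, and the `fetch(start, end)` callable are hypothetical names, and the fake fetcher stands in for the Cisco API.

```python
from datetime import datetime, timedelta, timezone

LOOKBACK = timedelta(hours=24)    # initial backfill, per the text above
INTERVAL = timedelta(minutes=15)  # polling interval, per the text above

class RateLimited(Exception):
    """Hypothetical error raised by fetch() when the API rate limit is hit."""

class WindowCollector:
    def __init__(self, fetch, now):
        self.fetch = fetch            # assumed signature: fetch(start, end) -> list
        self.cursor = now - LOOKBACK  # end of the last window queued
        self.pending = []             # windows not yet pulled successfully
        self.events = []

    def poll(self, now):
        """Run one cycle; return how many windows are still owed."""
        if now > self.cursor:         # half-open [cursor, now): no gaps, no overlap
            self.pending.append((self.cursor, now))
            self.cursor = now
        remaining, healthy = [], True
        for window in self.pending:   # oldest first
            if healthy:
                try:
                    self.events.extend(self.fetch(*window))
                    continue
                except RateLimited:
                    healthy = False   # stop calling a rate-limited API this cycle
            remaining.append(window)
        self.pending = remaining
        return len(self.pending)

def demo():
    """Constructed scenario: the second of three polls is rate limited."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed time
    state, calls = {"limited": False}, []

    def fake_fetch(start, end):       # stand-in for the real API call
        if state["limited"]:
            raise RateLimited()
        calls.append((start, end))
        return [{"window_start": start.isoformat()}]

    c = WindowCollector(fake_fetch, t0)
    r1 = c.poll(t0)                   # 24-hour backfill succeeds
    state["limited"] = True
    r2 = c.poll(t0 + INTERVAL)        # pull fails, window is kept
    state["limited"] = False
    r3 = c.poll(t0 + 2 * INTERVAL)    # failed window re-requested, then new one
    return (r1, r2, r3), calls
```

Because each window starts where the previous one ended, a failed pull delays events but never drops or duplicates them.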
With your logs from Cisco AMP for Endpoints in Perch, you can search through the logs in Perchybana, create visualizations and dashboards, set up an event notification to be notified of specific events via email, create a CW Manage ticket, or have the Perch SOC triage the events.
Still having trouble? Reach out to one of our specialists at firstname.lastname@example.org