This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
New SecOps Webinar May 14th! Learn about Gemini's generative AI within Google SecOps
Log in to ask a question

Cisco AMP API Integration with Chronicle Forwarder/SecOps

Posted on 03-25-2025 02:26 AM
horongshen
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

I have a log source integration for a customer for Cisco AMP via API. How do i go about doing this?

I have managed to get the API Key and Secret Key on Cisco AMP. I tried to find relevant information on the Google documentation, https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/cisco-amp?hl=en but this is for SOAR which is not what i want. Do anyone here have any clue or point me the right direction please? Thank you!

0 3 117
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
dnehoda
Staff
Reply posted on --/--/---- --:-- AM

There is not a direct 3rd party API for Cisco AMP.  

You can use a webhook or you could send that data to a storage bucket in GCP or AWS.  

Posted on --/--/---- --:-- AM
horongshen
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

Thanks @dnehoda is there some kind of a read-up or guide available for using webhook for cisco amp?

0 Likes

Posted on --/--/---- --:-- AM
cmorris
Staff
In response to horongshen
Reply posted on --/--/---- --:-- AM

Not for Cisco AMP specifically, but for webhooks in general - https://cloud.google.com/chronicle/docs/administration/feed-management#setup-webhook

You can add it through SIEM Settings > Feeds:

cmorris_0-1743076175976.png

0 Likes
Top Solution Authors
View all