BlueApp for Cisco AMP

Automate detection and response for Cisco AMP Agents.

  • Adaptive Malware Protection
  • Endpoint
  • Detection
  • Response

BlueApps extend USM Anywhere’s threat detection and orchestration capabilities to other security tools at no additional cost.

The BlueApp for Cisco AMP helps enhance the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco AMP, and it provides orchestration actions to streamline incident response activities. It enables you to monitor and respond to Cisco AMP events within the same pane of glass as the rest of your critical IT assets.

Key features

  • Advanced security orchestration allows you to view Cisco AMP events and alarms through a consolidated dashboard
  • Perform security orchestration and automated response (SOAR) actions
  • Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco AMP endpoint

Key benefits

  • Easily view threats impacting your organization, with insights into patterns and anomalies
  • Ability to respond to threats rapidly and automatically, utilizing USM Anywhere

The app includes the following capabilities:

  • Data Collection via API
  • Dashboard
  • Orchestration Actions


The Cisco AMP dashboard is automatically available from the Dashboards menu of USM Anywhere when data is being collected from Cisco AMP, and will include the following data elements (targets):

  • Threat Detected - a threat was found on this system
  • Threat Quarantined - a threat was successfully quarantined
  • Multiple Infected Files - multiple infected files indicate multiple files on a computer are attempting to download malware
  • Executed malware - the computer executed known malware
  • Cloud IOC - suspicious behavior that indicates possible compromise of the computer
  • Suspicious Download - a suspicious file was downloaded


Why you’ll love the BlueApp for Cisco AMP

Accelerate time to detection & response

  • Detect threats against your on-premises and cloud environments, and your SaaS applications, directly in USM Anywhere
  • Investigate incidents efficiently with rich, contextualized threat data in a single pane of glass
  • Automatically isolate compromised systems

Save time & money

  • Help reduce the time and expense of integrating multiple security products
  • Combine five essential security capabilities plus a growing ecosystem of BlueApps in one single console
  • Focus on threat response—not writing complex security analytics rules (LevelBlue Labs does that for you!)

Extend your security monitoring capabilities

  • Aggregate alerts and events from Cisco AMP agent
  • Know what activities and changes are happening across your endpoints directly from USM Anywhere
  • Centrally monitor and analyze events and alerts gathered from all your security point products within USM Anywhere           