AlienVault® USM Anywhere™

Configuring the Cisco AMP App

Role Availability Read-Only Analyst Manager

To use the AlienApp for Cisco Advanced Malware Protection (AMP) in USM Anywhere, you first need to log in to Cisco AMP to create the API credentials.

To create the connected app in Cisco AMP

Follow the Cisco documentation on how to create API credentials to obtain the third-party API client identification and API key.

Connecting the Cisco AMP App in USM Anywhere

After you obtain the credentials, you must configure the connection within USM Anywhere.

To enable the AlienApp for Cisco AMP

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

  3. On the AlienApps page, click the Cisco AMP tile.

  4. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  5. Click the Settings tab.
  6. Enter your information into the following fields:

    • Client ID
    • API Key
  7. In the Event Types field, you can specify the event types you want the AlienApp for Cisco AMP to collect.

    When the Event Types field is left blank, the AlienApp for Cisco AMP collects all event types. See the Cisco AMP documentation for more details on event types.

  8. Click Save.