Getting Data In

How do I ingest Cisco Advanced Malware Protection (AMP) for endpoint logs into Splunk?

kiran331
Builder

Hello,

Is there an Add-on using API to ingest Cisco AMP logs into Splunk. I tried using streamer, but it's not puling all the information. Is there any way of using API to get these logs?

1 Solution

jemunos
Engager

Please see the following:
Cisco AMP for Endpoints Events Input - https://splunkbase.splunk.com/app/3670/
Cisco AMP for Endpoints CIM Add-on - https://splunkbase.splunk.com/app/3686/

View solution in original post

0 Karma

heycisco
New Member

The Splunk app leverages the A4E Streaming Event API. This API requires read/write access. Also, it'll allow only five concurrent streams (a "stream", for this purpose, is the same as an "input" in the Splunk app - it's a set of event types and groups you'll pull from A4E). The streaming API doesn't do garbage collection, though, so when you delete an input in Splunk, you'd need to also manually delete the stream in the API; so keep an eye on that complexity." If you are still having trouble, you may want to reach out to Cisco TAC for support.

0 Karma

jemunos
Engager

Please see the following:
Cisco AMP for Endpoints Events Input - https://splunkbase.splunk.com/app/3670/
Cisco AMP for Endpoints CIM Add-on - https://splunkbase.splunk.com/app/3686/

0 Karma

jemunos
Engager

Please file issues on the development GitHub.
https://github.com/Cisco-AMP/amp4e_splunk_events_input/issues

0 Karma

ksirisawatdi_sp
Splunk Employee
Splunk Employee

Seem can't get the Input to work. Keep getting timeout connecting. I have test manual telnet with port 443. It is working when test with telnet. Any advise?

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...