Cisco AMP

Applies To: Cisco AMP for Endpoints

Overview

Cisco Advanced Malware Protection (AMP) for Endpoints is a cloud-managed endpoint security solution that provides the visibility, context and control to prevent cyber-attacks and to rapidly detect, contain and remediate advanced threats.

EventTracker is an enterprise-class platform that seamlessly combines SIEM, log management, file integrity monitoring, machine analytics and more.

The EventTracker Knowledge Pack for Cisco AMP allows you to monitor the following components:

- Security - threats detected, suspicious activity detected, and vulnerable applications and faults detected.
- Operation - scans started and completed, and system policies and updates installed and deleted.

Once Cisco AMP is configured to deliver events to EventTracker Manager, Knowledge Objects and reports can be configured in EventTracker. Some of the Knowledge Packs available in EventTracker are listed below. For more information, please refer to the Integration Guide.

Security Alerts

- Cisco AMP - Scan Completed with Detections - This alert is generated when a threat is detected during a scan.
- Cisco AMP - Suspicious Activity Detected - This alert is generated when suspicious activity occurs, such as an application launching a shell or a suspicious connection being detected.
- Cisco AMP - Threat Detected - This alert is generated when a threat is detected or malware is executed.

Security Reports

- Cisco AMP - Threat detected and quarantine details - This report gives information about all threats detected, threats quarantined, quarantine failures and malware executed.
- Cisco AMP - Vulnerable application and fault detected - This report gives information about all vulnerable applications detected at the endpoints, along with details of critical faults raised or cleared.
- Cisco AMP - Suspicious activity detected - This report gives information about all suspicious activities, such as an application launching a shell or a suspicious connection being detected.

Operation Reports

- Cisco AMP - Scan detail - This report gives information about all scan details, such as scans started and scans completed, along with threat detections and scan failures.
- Cisco AMP - File activity - This report gives information about all file activity details, such as remote file fetch requests and failed requests.
- Cisco AMP - System activity - This report gives information about all system and policy update, create and delete details.

Scope

The configurations detailed in this guide are consistent with EventTracker Enterprise version 9.x and later, and Cisco AMP for Endpoints.

Documentation

For more information, please refer to the Cisco AMP Integration Guide.