How to configure Cisco AMP for Endpoints Events in...

Kayoko · ‎11-06-2018

I tried to configure the AMP for Endpoints API Access on the Cisco AMP for Endpoints Events input app. However the configuration information is not working properly.
I got error message which is stated "Warning! We couldn’t retrieve the information from API with provided credentials. Please make sure the API host is accessible or re-configure the input with correct credentials."

AMP for Endpoints API Host: api.amp.cisco.com
API Client ID : entered the client ID generated by Cisco AMP (API Client have read and write scope)
API Key：　entered the secret API key generated by Cisco AMP

If there is any instruction for setting of Cisco AMP for Endpoints Events input app?

Best Regards,

jdamico1092 · ‎05-31-2019

I'm also experiencing the same issue. I've verified connectivity and key access by using the curl command. Both return the expected output. Any ideas? The endpoint I'm using is api.amp.cisco.com which should be correct.

troja007 · ‎08-13-2019

Any solution for this?? My splunk instance shows the same problem.

aamer86 · ‎02-19-2019

Hi I just resolved this and thought to share it

first thing I noticed is
AMP for Endpoints API Host should be api.eu.amp.cisco.com

Try this as a start

if it doesn't work let me know as i got it working

aamer86 · ‎02-19-2019

Hi I just resolved this and thought to share it

first thing I noticed is
AMP for Endpoints API Host should be api.eu.amp.cisco.com

Try this as a start

if it doesn't work let me know as i got it working

How to configure Cisco AMP for Endpoints Events input

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services