Getting Data In

How to configure Cisco AMP for Endpoints Events input

Kayoko
New Member

I tried to configure the AMP for Endpoints API Access on the Cisco AMP for Endpoints Events input app. However the configuration information is not working properly.
I got error message which is stated "Warning! We couldn’t retrieve the information from API with provided credentials. Please make sure the API host is accessible or re-configure the input with correct credentials."

AMP for Endpoints API Host: api.amp.cisco.com
API Client ID : entered the client ID generated by Cisco AMP (API Client have read and write scope)
API Key: entered the secret API key generated by Cisco AMP

If there is any instruction for setting of Cisco AMP for Endpoints Events input app?

Best Regards,

Tags (2)
0 Karma

jdamico1092
New Member

I'm also experiencing the same issue. I've verified connectivity and key access by using the curl command. Both return the expected output. Any ideas? The endpoint I'm using is api.amp.cisco.com which should be correct.

0 Karma

troja007
New Member

Any solution for this?? My splunk instance shows the same problem.

0 Karma

aamer86
Path Finder

Hi I just resolved this and thought to share it

first thing I noticed is
AMP for Endpoints API Host should be api.eu.amp.cisco.com

Try this as a start

if it doesn't work let me know as i got it working

0 Karma

aamer86
Path Finder

Hi I just resolved this and thought to share it

first thing I noticed is
AMP for Endpoints API Host should be api.eu.amp.cisco.com

Try this as a start

if it doesn't work let me know as i got it working

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...