Run your Python input script on a heavy forwarder in your on-prem network. Download the "Universal Forwarder" app from your Splunk Cloud instance to configure the HF to send events to the Cloud.
If your Splunk Cloud stack is on the Victoria experience, then you can put your Python script into a custom app and install that on your search head. That assumes, of course, your Cisco AMP devices can be accessed from the Cloud.
Didn't think of it that way: treat the SH as a receiver, not a collector. I tried the second option previously and support stumbled "bad", so I'm reluctant to burn hours (really, days) on that again.