Configure the Cisco AMP Beat

Create an Cisco AMP API Read-Only Account

To use the Cisco AMP for Endpoint API, you must set up an API credential. Event collection requires a Read-Only API account.

1. Log in to the Cisco Console.
2. Click Accounts, and then click API Credentials.
3. On the API Credentials page, click New API Credential to create a new set of keys.
   The New API Credential page appears. 
4. In the Application name field, enter valid name, for example - LogRhythm.
5. In the Scope field, select Read-only.
6. Click Create.
   The API Key Details page appears.

7. Copy the 3rd Party API Client ID and API Key information to a secure location, such as a password manager or encrypted file.

   

   Note the following Cisco warnings:

   • API credentials allow other programs to retrieve and modify your Cisco AMP for Endpoints data. It is functionally equivalent to a username and password, and should be treated as such.
   • If you suspect the API credentials for an application have been compromised, delete them and create new ones. Deleting API credentials locks out any clients using the old ones, so make sure to notify them of the new credentials.
   • Your API credentials are not stored in plain text and can only be displayed once. If you lose the credentials, you must generate new ones.
8. Go back to the Cisco Console home page.
9. Click Accounts, and then click API Credentials.
   You should now see the LogRhythm account.
10. (Optional) You can expand the account details and verify the Read-Only scope by clicking on the + box to the left of the account name.