The AlienApp for Cisco AMP enhances the threat detection capabilities of USM Anywhere by collecting and analyzing log data from Cisco AMP, and it provides orchestration actions to streamline incident response activities. It lets you monitor and respond to Cisco AMP events within the same pane of glass as the rest of your critical IT assets.
Key features
- Advanced security orchestration allows you to view Cisco AMP events and alarms through a consolidated dashboard
- Perform security orchestration and automated response (SOAR) actions
- Data enrichment and analytics help you capture, analyze, visualize, and respond to threats on your Cisco AMP endpoints
Key benefits
- Easily view threats impacting your organization, with insights into patterns and anomalies
- Ability to respond to threats rapidly and automatically, utilizing USM Anywhere
The app includes the following capabilities:
- Data Collection via API
- Dashboard
- Orchestration Actions
Dashboard
The Cisco AMP dashboard is automatically available from the Dashboards menu of USM Anywhere when data is being collected from Cisco AMP. It includes the following data elements (targets):
- Threat Detected - a threat was found on the system
- Threat Quarantined - a threat was successfully quarantined
- Multiple Infected Files - multiple infected files on a computer, indicating that it is attempting to download malware
- Executed Malware - the computer executed known malware
- Cloud IOC - suspicious behavior that indicates a possible compromise of the computer
- Suspicious Download - a suspicious file was downloaded