AMPforEndpoints
AMPforEndpoints_IsolationStart
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Start host isolation for an AMP for Endpoints connector
Configuration
| Name | Description |
| --- | --- |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| unlock_code | Custom unlock code used to stop isolation from the endpoint (Maximum 24 characters) |
AMPforEndpoints_IsolationStop
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Stop host isolation for an AMP for Endpoints connector
Configuration
| Name | Description |
| --- | --- |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
AMPforEndpoints_MoveGUID
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Move an AMP for Endpoints connector GUID to a different Group
Configuration
| Name | Description |
| --- | --- |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| group_guid | AMP for Endpoints Group GUID for the group connectors will be moved to |
AMPforEndpoints_SCDAdd
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Add a SHA256 to an AMP for Endpoints Simple Custom Detection list
Configuration
| Name | Description |
| --- | --- |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| scd_guid | AMP for Endpoints Simple Custom Detection GUID |
AMPforEndpoints_SCDRemove
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Remove a SHA256 from an AMP for Endpoints Simple Custom Detection list
Configuration
| Name | Description |
| --- | --- |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| scd_guid | AMP for Endpoints Simple Custom Detection GUID |