AMPforEndpoints
AMPforEndpoints_SCDAdd
Author: Cisco Security
License: MIT
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Add a SHA256 to an AMP for Endpoints Simple Custom Detection list
Configuration

| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| client_id | Client ID for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| api_key | API Key for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| scd_guid | AMP for Endpoints Simple Custom Detection GUID |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

AMPforEndpoints_IsolationStart
Author: Cisco Security
License: MIT
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Start host isolation for an AMP for Endpoints connector
Configuration

| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| client_id | Client ID for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| api_key | API Key for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| unlock_code | Custom unlock code used to stop isolation from the endpoint (Maximum 24 characters) |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | False |

AMPforEndpoints_MoveGUID
Author: Cisco Security
License: MIT
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Move an AMP for Endpoints connector GUID to a different Group
Configuration

| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| client_id | Client ID for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| api_key | API Key for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| group_guid | AMP for Endpoints Group GUID for the group connectors will be moved to |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

AMPforEndpoints_IsolationStop
Author: Cisco Security
License: MIT
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Stop host isolation for an AMP for Endpoints connector
Configuration

| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| client_id | Client ID for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| api_key | API Key for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

AMPforEndpoints_SCDRemove
Author: Cisco Security
License: MIT
Version: 1.0
Supported data types:
- thehive:case_artifact
Registration required: N/A
Subscription required: N/A
Free subscription: N/A
Third party service: N/A
Description
Remove a SHA256 from an AMP for Endpoints Simple Custom Detection list
Configuration

| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| client_id | Client ID for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| api_key | API Key for AMP for Endpoints |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |

| scd_guid | AMP for Endpoints Simple Custom Detection GUID |
| --- | --- |
| Default value if not configured | N/A |
| Type of the configuration item | string |
| The configuration item can contain multiple values | False |
| Is required | True |