
Apr 4, 2024
1.1.0
ThreatQ versions >= 4.25.0
Cisco AMP for Endpoints CDF
Overview
The Cisco AMP for Endpoints CDF enables a ThreatQ user to ingest events from Cisco AMP for Endpoints.
The CDF provides the following feed:
- Cisco AMP for Endpoints Events - ingests events from Cisco AMP for Endpoints.
The integration ingests the following system objects:
- Events
- Event Attributes
- Indicators
- Indicator Attributes