This article explains how to connect Cisco AMP to Workbench.
Step 1: Enable console access
This procedure creates a user account for Expel that keeps the Expel activity separate from other activity on the Cisco AMP console.
Note
Expel secures all login information our SOC analysts need about your devices in an MFA password product. Access to this login information is protected using our internal MFA processes. To learn more about the IP addresses all Expel traffic comes from, go here.
- Navigate to Accounts > Users.
- Click + New User.
- Add the user.
  - For First Name add Expel.
  - For Last Name add SOC.
  - For Login Email add soc+<Your_Organization_Name>@expel.io.
    Tip
    Yes, the "+" sign is part of the email address, and it's important. Click here to find out why.
  - Select the Administrator checkbox.
- Click Create.
Step 2: Generate API credentials
- Navigate to Accounts > API Credentials.
- Click +New API Credential.
- For Application name enter expelapi.
- For Scope select Read-Only.
- Click Create.
- A new page opens with your API Key Details. Save these items as they are not easily accessible later in the process and are needed for onboarding in Workbench.
Step 3: Configure the technology in Workbench
- In a new browser tab, log in to https://workbench.expel.io.
- On the console page, navigate to Settings and click Security Devices.
- At the upper right of the page, select Add Security Device.
- Search for and select Cisco.
- For Name type the host name of the Cisco AMP device.
- For Location type the geographic location of the device.
- For API key and Client ID, type the API credentials generated in Step 2.
- For Username and Password type credentials previously created in the Cisco AMP console.
- You can provide console access now or set it up later. Use the instructions below to set it up later.