Tip
This article was accurate at the time of writing, but changes happen. If you find the instructions are outdated, leave a description in the comment field below and let us know!
Step 1: Enable console access
This procedure creates a user account for Expel that keeps the Expel activity separate from other activity on the Cisco AMP console.
-
Navigate to Accounts > Users.
-
Click + New User.
-
Add the user.
-
For First Name add Expel.
-
For Last Name add SOC.
-
For Login Email add soc+<Your_Organization_Name>@expel.io.
Tip
Yes, the "+" sign is part of the email address, and it's important. Click here to find out why.
-
Select Administrator checkbox.
-
-
Click Create.
Step 2: Generate API credentials
Create an API access account
-
Navigate to Accounts > API Credentials.
-
Click +New API Credential.
-
For Application name enter expelapi.
-
For Scope select Read-Only.
-
Click Create.
-
A new page opens with your API Key Details. Save these items as they are not easily accessible later in the process and are needed for onboarding in Workbench.
Step 3: Configure the technology in Workbench
-
In a new browser tab, login to https://workbench.expel.io.
-
On the console page, navigate to Settings and click Security Devices.
-
At the upper right of the page, select Add Security Device.
-
Search for and select Cisco.
-
For Name type the host name of the Cisco AMP device.
-
For Location type the geographic location of the device.
-
For API key and Client ID, type the API credentials generated in Step 2.
-
For Username and Password type credentials previously created in the Cisco AMP console.
-
-
You can provide console access now or set it up later. Use the instructions below to set it up later.
Comments
0 comments
Please sign in to leave a comment.