Note: There may be known issues pertaining to this Solution, please refer to them before installing.

The Cisco Secure Endpoint (formerly AMP for Endpoints) data connector provides the capability to ingest Cisco Secure Endpoint audit logs and events into Microsoft Sentinel.

Underlying Microsoft Technologies used:

This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:

a. Azure Monitor HTTP Data Collector API

b. Azure Functions

Data Connectors: 1, Parsers: 1, Workbooks: 1, Analytic Rules: 11, Hunting Queries: 10

Learn more about Microsoft Sentinel | Learn more about Solutions