Cisco Threat Response API Integration

This topic has 0 replies, 1 voice, and was last updated 5 years ago by Mike Riforgiate.

Viewing 1 post (of 1 total)

Author
Posts
April 13, 2019 at 5:54 pm #2016
Mike Riforgiate
Keymaster
Threat Response Console
- Go to https://visibility.amp.cisco.com and login.
- Go to Modules > API Clients.
- Click Add API Credential
  - Client Name: WitFoo Precinct
  - Scopes: Global Intelligence
PRECINCT CONFIGURATION
- Go to Admin > SOAR > Cisco Threat Response > Config
- Click the checkbox for Enable Cisco Threat Response Integration
- Paste the Client ID Client Password
- Click the disk icon (Save)
- Click Jobs and go to Artifacts from Cisco Threat Response.
- Select Triggers, expanding Manual Trigger and Interval Trigger.
  - Toggle both to State: ENABLED
- The Interval Trigger is set to 2 hours by default, but you can update it to what best suits your organization. (Recommended: 10 minutes)
- Click the disk icon (Save)
The Cisco Threat Response API Integration document can be found Here
Author
Posts

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.