Select Page

Cisco Threat Response API Integration

Welcome Forums Integrations Cisco Threat Response API Integration

Viewing 1 post (of 1 total)
  • Author
    Posts
  • April 13, 2019 at 5:54 pm #2016
    Mike RiforgiateMike Riforgiate
    Keymaster

    Threat Response Console

    • Go to https://visibility.amp.cisco.com and login.
    • Go to Modules > API Clients.
    • Click Add API Credential
      • Client Name: WitFoo Precinct
      • Scopes: Global Intelligence

     

    PRECINCT CONFIGURATION

    • Go to Admin > SOAR > Cisco Threat Response > Config
    • Click the checkbox for Enable Cisco Threat Response Integration
    • Paste the Client ID Client Password
    • Click the disk icon (Save)
    • Click Jobs and go to Artifacts from Cisco Threat Response.
    • Select Triggers, expanding Manual Trigger and Interval Trigger. 
      • Toggle both to State: ENABLED
    • The Interval Trigger is set to 2 hours by default, but you can update it to what best suits your organization. (Recommended: 10 minutes)
    • Click the disk icon (Save)

     

    The Cisco Threat Response API Integration document can be found Here

  • Author
    Posts
Viewing 1 post (of 1 total)
  • You must be logged in to reply to this topic.