Summary
For the Check Point MDR team to monitor your Cisco Secure Endpoint (formerly AMP), we require integration with your Cisco Secure Endpoint portal.
Note: You must have an administrator account to create the proper permissions.
If you need any assistance with this procedure, please open a ticket in the MDR Customer portal under "MDR Support" or, if you are currently onboarding, reply to your welcome email and we will schedule a time to assist.
Note: We will need these three items filled in on the MDR customer portal profile page when adding the integration. Also ensure that the procedure outlined below is completed before adding it:
- Client ID
- Client Secret (API Key)
Procedure
- Log in to your Cisco Secure Endpoint portal with an administrator account.
Remediation
Proceed to the Infinity Portal and go to the MDR Profile tab. Under Remediation Excluded Hosts, you will need to enter an IP address. If you do not have a host to exclude, please use a default address, such as 1.1.1.1. (There must be at least one entry before the system allows you to configure Remediation.)
- In the integration, you will see an option at the bottom called "Remediation". Click the blue Configure button to begin the setup process.
- Next, select your desired Isolation/Remediation option: Do not perform remediations, Requires approval, or Always approve. Hit Save at the bottom to complete this process.
Note: Please contact MDR Support by creating a ticket in your MDR Portal if you would like to schedule a test to verify your Remediation (Host Isolation).