Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | https://github.com/CiscoSecurity |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Start host isolation for an AMP for Endpoints connector
Configuration
| Name | Description |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| unlock_code | Custom unlock code used to stop isolation from the endpoint (Maximum 24 characters) |
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | https://github.com/CiscoSecurity |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Stop host isolation for an AMP for Endpoints connector
Configuration
| Name | Description |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | https://github.com/CiscoSecurity |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Move an AMP for Endpoints connector GUID to a different Group
Configuration
| Name | Description |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| group_guid | AMP for Endpoints Group GUID for the group connectors will be moved to |
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | https://github.com/CiscoSecurity |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Add a SHA256 to an AMP for Endpoints Simple Custom Detection list
Configuration
| Name | Description |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| scd_guid | AMP for Endpoints Simple Custom Detection GUID |
Details
| Author | Cisco Security |
| Version | 1.0 |
| License | MIT |
| Website | https://github.com/CiscoSecurity |
| Requires Registration | No |
| Requires Subscription | No |
| Free Subscription Available | No |
| DataType Supported | thehive:case_artifact |
Description
Remove a SHA256 to an AMP for Endpoints Simple Custom Detection list
Configuration
| Name | Description |
| amp_cloud | FQDN of the AMP for Endpoints cloud to interact with |
| client_id | Client ID for AMP for Endpoints |
| api_key | API Key for AMP for Endpoints |
| scd_guid | AMP for Endpoints Simple Custom Detection GUID |