Cisco Secure Endpoint Monitoring

Updated Jan 17, 2024

Configure Cisco Secure Endpoint for Arctic Wolf monitoring

You can configure Cisco Secure Endpoint® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Create API client credentials.
  2. Provide your Cisco Secure Endpoint credentials to Arctic Wolf.

Step 1: Create API client credentials

  1. Sign in to the Cisco Secure Endpoint console with administrator permissions.

  2. In the navigation menu, click Admin > API Credentials.

  3. On the API Credentials page, click New API Credential.

  4. In the New API Credential dialog, configure these settings:

    • Application name — Enter a name for the credentials.
    • Scope — Select Read-only.
    • Enable Command line — Select the checkbox.
    • Allow API access to File Repository download audit logs — Select the checkbox.

  5. Click Create.

  6. On the API Key Details page, save the Client ID and API Key values in a safe, encrypted location. You will provide them to Arctic Wolf later.

    Note: After you exit this page, you can no longer retrieve the API Key from the console.
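
A pre-submission check for the credentials created in Step 1, as an added example (not Arctic Wolf or Cisco code): it makes one read-only call and reports whether the Client ID, API Key and region base URL work together. It assumes the Cisco Secure Endpoint v1 API's HTTP Basic authentication and `/v1/version` endpoint, which this page does not describe; the `CSE_*` environment variable names are hypothetical.

```python
import base64
import os
import urllib.error
import urllib.request


def build_request(base_url, client_id, api_key, path="/v1/version"):
    """GET request with HTTP Basic auth: Client ID as user, API Key as password."""
    if not base_url.startswith("https://"):
        raise ValueError("API Base URL must use https:// so the key is never sent in clear text")
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    req = urllib.request.Request(base_url.rstrip("/") + path, method="GET")
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    return req


def http_send(req):
    """Default transport: return the HTTP status code, including for 4xx/5xx replies."""
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_credentials(base_url, client_id, api_key, send=http_send):
    """Classify the API's answer to one read-only call made with the new credentials."""
    status = send(build_request(base_url, client_id, api_key))
    if status == 200:
        return "ok"
    if status == 401:
        return "rejected: check the Client ID, the API Key and the region base URL"
    return f"unexpected HTTP status {status}"


if __name__ == "__main__":
    # Hypothetical variable names; reading from the environment keeps the key
    # out of shell history and process listings.
    print(check_credentials(os.environ["CSE_API_BASE_URL"],
                            os.environ["CSE_CLIENT_ID"],
                            os.environ["CSE_API_KEY"]))
```

Run it from the host where the credentials are stored, then enter the same three values in Step 2.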

Step 2: Provide your Cisco Secure Endpoint credentials to Arctic Wolf

Note: If API credentials fail, for example due to expired credentials, Arctic Wolf notifies you and requests a new set of credentials. After receiving refreshed credentials, Arctic Wolf can only retrieve data from the previous 12 hours. Provide refreshed credentials within 12 hours of expiry to enable complete data polling and coverage. For more information, see MDR polling frequency.

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Detection and Response.

  5. In the Cloud Services list, select Cisco Secure Endpoint.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.

    • Client ID — Enter the value from Create API client credentials.

    • API Key — Enter the value from Create API client credentials.

    • API Base URL — Enter the appropriate region base URL.

    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.

  7. Click Test and submit credentials.

    After your Concierge Security® Team (CST) enables security monitoring for this account, the connected account status changes to Healthy.