DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu

resulting in comprehensive malware protection and enabling a “see
once, block everywhere” architecture.
By automating threat detection and remediation processes, customers can allocate time and resources more efficiently and avoid the need to hire additional high-cost staff or sign expensive outsourcing contracts. This automation also promotes increased job satisfaction on security operations teams, because less time is spent on mundane research tasks.

Automation can be achieved by using the AMP for Endpoints API, which allows users to expedite their investigations by identifying which endpoints have seen a file, creating custom file lists, and moving endpoints in and out of triage groups. The API also makes it possible to collect and archive all events generated in an environment, which in turn enables extended historical data correlation. The AMP for Endpoints API enables developers and security teams to do the following:


Ingest events: Pull events through the API into third-party tools, archive extended event histories, and correlate them against other logs.
Search: Find where a file has been seen, determine whether it has been executed, and capture the command-line arguments it was run with.
Basic management: Create groups, move computers between groups, and manage file lists.

AMP for Endpoints API Credentials and Authorization


The AMP for Endpoints API requires administrators to first set up an API credential. You can do this via the AMP Console by navigating to Accounts > API Credentials and then completing the dialog shown in Figure 11-8. A credential consists of a client ID and an API key, and it is created with either read-only or read-and-write scope; choose read-only unless the integration must change groups or file lists, and store the key securely, because the console displays it only when the credential is created.
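The following script ties together the two capabilities described above, searching for events and for the endpoints that have seen a file, and the credential used to authenticate those calls. It is an added example, not code from the book or from Cisco. The API base URL (`https://api.amp.cisco.com/v1`), the HTTP Basic authentication with the client ID as user name and the API key as password, the `/events` and `/computers/activity` endpoints, and the `metadata.links.next` pagination link are taken from the public AMP for Endpoints API; everything else (the placeholder credential, the hash, and the sample responses served by `fake_fetch`) is constructed so the script runs offline. Pass the real `http_get` transport instead of `fake_fetch` to query a live console.

```python
"""Query the AMP for Endpoints API for events and file sightings (added example)."""
import base64
import json
import urllib.request
from urllib.parse import urlencode

API_BASE = "https://api.amp.cisco.com/v1"  # North America cloud; other regions use a different host


def basic_auth_header(client_id: str, api_key: str) -> str:
    """The API uses HTTP Basic auth: client ID as user name, API key as password."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    return f"Basic {token}"


def http_get(url: str, auth_header: str) -> dict:
    """Live transport: one authenticated GET, JSON body decoded."""
    req = urllib.request.Request(url, headers={"Authorization": auth_header,
                                               "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_pages(url: str, auth_header: str, fetch=http_get):
    """Yield every item, following metadata.links.next until the API stops returning one."""
    while url:
        page = fetch(url, auth_header)
        yield from page.get("data", [])
        url = page.get("metadata", {}).get("links", {}).get("next")


def fetch_events(auth_header, sha256=None, event_types=(), limit=500, fetch=http_get):
    """GET /v1/events, optionally filtered by detection hash and event type IDs."""
    params = [("limit", limit)]
    if sha256:
        params.append(("detection_sha256", sha256))
    for event_type in event_types:
        params.append(("event_type[]", event_type))
    return list(iter_pages(f"{API_BASE}/events?{urlencode(params)}", auth_header, fetch))


def hosts_that_saw(auth_header, sha256, fetch=http_get):
    """Which connectors have seen this file: GET /v1/computers/activity?q=<sha256>."""
    url = f"{API_BASE}/computers/activity?{urlencode({'q': sha256})}"
    return sorted({c["hostname"] for c in iter_pages(url, auth_header, fetch)})


def summarize_events(events):
    """Flatten each event to what an analyst wants first: time, type, host, file, hash."""
    rows = []
    for event in events:
        file_info = event.get("file", {})
        rows.append({"timestamp": event["timestamp"],
                     "event_type": event["event_type"],
                     "hostname": event["computer"]["hostname"],
                     "file_name": file_info.get("file_name"),
                     "sha256": file_info.get("identity", {}).get("sha256")})
    return rows


# --- Constructed sample responses (not captured from a real console) for offline use ---
SAMPLE_SHA = "3d" * 32  # made-up 64-hex-character hash


def _event(ts, host, event_type, name):
    return {"timestamp": ts, "event_type": event_type,
            "computer": {"connector_guid": f"guid-{host}", "hostname": host},
            "file": {"file_name": name, "identity": {"sha256": SAMPLE_SHA}}}


_PAGE1 = {"metadata": {"links": {"next": f"{API_BASE}/events?limit=2&offset=2"},
                       "results": {"total": 3, "items_per_page": 2, "index": 0}},
          "data": [_event("2020-01-10T08:00:00+00:00", "ws-017", "Threat Detected", "invoice.exe"),
                   _event("2020-01-10T08:05:00+00:00", "ws-042", "Threat Detected", "invoice.exe")]}
_PAGE2 = {"metadata": {"links": {}, "results": {"total": 3, "items_per_page": 2, "index": 2}},
          "data": [_event("2020-01-10T09:15:00+00:00", "srv-db01", "Threat Quarantined", "invoice.exe")]}
_ACTIVITY = {"metadata": {"links": {}},
             "data": [{"connector_guid": "guid-ws-017", "hostname": "ws-017", "active": True},
                      {"connector_guid": "guid-ws-042", "hostname": "ws-042", "active": True},
                      {"connector_guid": "guid-srv-db01", "hostname": "srv-db01", "active": False}]}


def fake_fetch(url: str, auth_header: str) -> dict:
    """Offline stand-in for http_get that serves the constructed pages above."""
    if not auth_header.startswith("Basic "):
        raise PermissionError("missing Basic auth header")
    if "/computers/activity" in url:
        return _ACTIVITY
    if "/events" in url:
        return _PAGE2 if "offset=2" in url else _PAGE1
    raise ValueError(f"unexpected URL {url}")


if __name__ == "__main__":
    # Placeholder credential; a real one comes from Accounts > API Credentials in the console.
    auth = basic_auth_header("client-id-from-console", "api-key-from-console")
    for row in summarize_events(fetch_events(auth, sha256=SAMPLE_SHA, fetch=fake_fetch)):
        print(row)
    print("seen on:", hosts_that_saw(auth, SAMPLE_SHA, fetch=fake_fetch))
```

The `fetch` parameter is what makes the script testable without a console: the same pagination and parsing code runs against the live transport or the constructed pages. A read-only credential is sufficient for everything this script does; only group moves and file-list changes need read-and-write scope.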
