Creating a Cisco AMP Client ID and API key for event queues

A Cisco AMP administrator must create a Client ID and an API key in the Cisco AMP for Endpoints portal. These keys are used to manage queues.

Before you begin

If you do not have administrator privileges, request the Client ID and API key values from your administrator. If you want QRadar® to automatically manage the event stream, you need these values when you configure a log source in QRadar.

Procedure

  1. Log in to the Cisco AMP for Endpoints portal as an administrator.
  2. Click Accounts > API Credentials.
  3. In the API Credentials pane, click New API Credential.
  4. In the Application name field, type a name, and then select Read & Write.

    You must have read & write access to manage event streams on your Cisco AMP for Endpoints platform.

  5. Click Create.
  6. From the API Key Details section, copy the values for the 3rd Party API Client ID and the API Key. You need these values to manage queues.

What to do next

Create a Cisco AMP event stream.