Integrate Firepower and Secure Endpoint

If your organization has deployed Cisco's Secure Endpoint product, you can integrate that application with Firepower to achieve the benefits described in Benefits of Integrating Firepower and Secure Endpoint.

When you integrate with Secure Endpoint, you must configure the Secure Endpoint connection even if you already have malware defense (AMP for Firepower) connections configured. You can configure multiple Secure Endpoint cloud connections.

Note

Secure Endpoint connections that have not registered successfully do not affect malware defense.

Before you begin

  • You must be an Admin user to perform this task.

  • Secure Endpoint must be set up and working properly on your network.

  • If you are connecting to the AMP cloud after either reimaging or restoring your management center from backup, use the Secure Endpoint management console to remove the previous connection.

  • You will need your Secure Endpoint credentials to log in to the Secure Endpoint console during this procedure.

Procedure


Step 1

Choose Integration > AMP > AMP Management.

Step 2

Click Add AMP Cloud Connection.

Step 3

From the Cloud Name drop-down list, choose the cloud you want to use.

Step 4

If you want to use this cloud for both malware defense and Secure Endpoint, select the Use for AMP for Firepower check box.

If you configured a different cloud to handle malware defense (AMP for Firepower) communications, you can clear this check box; if this is your only AMP cloud connection, you cannot.

Step 5

Click Register.

A Spinning state icon indicates that a connection is pending, for example, after you configure a connection on the management center but before you authorize it using the Secure Endpoint management console. A Denied icon indicates that the cloud denied the connection or the connection failed for another reason.

Step 6

Confirm that you want to continue to the Secure Endpoint management console, then log in to the management console.

Step 7

Using the management console, authorize the AMP cloud to send Secure Endpoint data to the management center.

Step 8

If you want to restrict the data that the management center receives, select specific groups within your organization for which you want to receive information.

By default, the AMP cloud sends data for all groups. To manage groups, choose Management > Groups on the Secure Endpoint management console. For detailed information, see the management console online help.

Step 9

Click Allow to enable the connection and start the transfer of data.

Clicking Deny returns you to the management center, where the connection is marked as denied. If you navigate away from the Applications page on the Secure Endpoint management console, and neither deny nor allow the connection, the connection is marked as pending on the management center’s web interface. The health monitor does not alert you of a failed connection in either of these situations. If you want to connect to the AMP cloud later, delete the failed or pending connection, then recreate it.

Incomplete registration of the Secure Endpoint connection does not disable the malware defense connection.

Step 10

To verify that the connection is correctly configured:

  1. On the Integration > AMP > AMP Management page, click the Cloud Name that includes Secure Endpoint in the Cisco AMP Solution Type column.

  2. In the Secure Endpoint console window that displays, choose Accounts > Applications.

  3. Verify that your management center is on the list.

  4. In the Secure Endpoint console window, choose Manage > Computers.

  5. Verify that your management center is on the list.


What to do next

  • In the Secure Endpoint console window, configure settings as needed. For example, define group membership for your management center and assign policies. For information, see the Secure Endpoint online help or other documentation.

  • The default health policy warns you if the management center cannot connect to the Secure Endpoint portal after an initial successful connection, or if the connection is deregistered using the AMP portal.

    Verify that the Secure Endpoint Status monitor is enabled under System > Health > Policy.