
Cisco Secure Endpoint


Cisco Secure Endpoint is an endpoint security solution provided by Cisco Systems. It is designed to protect endpoint devices such as laptops, desktops, servers, and mobile devices from security threats such as malware, ransomware, and zero-day attacks.



Secure Endpoint Cloud Portal

First we’ll configure everything on the Cloud Portal.


Exclusions

First, create a new exclusion set for Windows clients.


The endpoint devices here happen to run BigFix, so we want to exclude its paths.


Next, create another exclusion set for Windows servers.


Outbreak Control - Custom Detection

Under Outbreak Control, select Simple Custom Detection.


Then create a new list named “Quarantine List”.


Outbreak Control - Application Control

Blocked Application

Create a new blocked application list named “App Block List”.



Allowed Application

Also create a new allowed application list named “App Allow List”.


Policies

Modes and Engines

First we’ll create a new policy for Windows endpoints with the mode set to Debug.


Exclusions

Here, select the Cisco-maintained exclusions as needed and, under Custom Exclusions, use the set created earlier.


Outbreak Control

Here, select the Outbreak Control lists created earlier.


Administrative Features

Lastly, set the log level to Debug and click Save.


Next, create a new policy for Windows servers. We want to disable Network Monitoring for servers; otherwise keep everything the same.


And lastly, one for Linux servers.


We now end up with these 3 policies.


Groups

Create a new group for client endpoints using the Windows policy that has just been created.


Then create another group for the Windows and Linux servers.


Here are the 2 groups we end up with.


Installing CSE Connector

Windows Client

On the Download page, select the client group and download the connector.


On the Windows client, install the connector.


Now the Secure Endpoint Connector is installed.


Back on the CSE portal, under Management » Computers, the newly installed machine shows up.


Windows Server

Download the connector for Windows Server.


On the Windows server, run the provided install command to install it.


Now the Secure Endpoint Connector is installed.


Linux Server

Download the connector for Linux Server, or copy its download URL.


On the CentOS server, download the .rpm installer with “wget”.


Run “yum localinstall amp.rpm -y” to execute the installer.


Run “/opt/cisco/amp/bin/ampcli status” to check the connector’s status.
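The three Linux steps above (wget the .rpm, yum localinstall, ampcli status) as one small install-and-verify script. This is an added example and not code from the original post or from Cisco: the download URL is a placeholder to be replaced with the URL copied from the portal's Download page, and the `Status: Connected` line format it parses is an assumption about the `ampcli status` output, with the sample output below constructed for the offline check.

```shell
#!/bin/sh
# Added example: install the Linux Secure Endpoint connector and confirm it
# reports as connected. Not part of the original post.

# Placeholder: replace with the URL copied from the portal's Download page.
AMP_RPM_URL="${AMP_RPM_URL:-https://PLACEHOLDER.example/amp.rpm}"
AMP_RPM_FILE="${AMP_RPM_FILE:-amp.rpm}"
AMPCLI="/opt/cisco/amp/bin/ampcli"

# connector_connected STATUS_TEXT
# Returns 0 when the "Status:" line of the ampcli status output reads
# "Connected". The "Status: Connected" line format is an assumption.
connector_connected() {
    printf '%s\n' "$1" | grep -qE '^[[:space:]]*Status:[[:space:]]*Connected'
}

# connector_field STATUS_TEXT FIELD
# Prints the value of the first "FIELD: value" line (e.g. Mode, Policy).
connector_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# Steps from the post: download the .rpm, then install it with yum localinstall.
install_connector() {
    wget -O "$AMP_RPM_FILE" "$AMP_RPM_URL"
    yum localinstall "$AMP_RPM_FILE" -y
}

# Run ampcli status and fail (non-zero exit) unless the connector is connected,
# so the check can be used from provisioning scripts.
verify_connector() {
    status="$("$AMPCLI" status)"
    if connector_connected "$status"; then
        echo "connector connected, policy: $(connector_field "$status" Policy)"
        return 0
    fi
    echo "connector NOT connected; ampcli status output:" >&2
    printf '%s\n' "$status" >&2
    return 1
}

# Constructed sample output for the offline check; real output comes from ampcli.
SAMPLE_STATUS='Status: Connected
Mode: Normal
Scan: Ready
Policy: Linux Server (#PLACEHOLDER)'

# Usage: ./amp-install.sh install   (download + install + verify)
#        ./amp-install.sh verify    (verify only)
case "${1:-}" in
    install) install_connector && verify_connector ;;
    verify)  verify_connector ;;
esac
```

With no argument the script only defines the functions, so it can be sourced and the parsing helpers reused, for example to check `ampcli status` on a fleet of servers from a configuration management run.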


Back on the CSE portal, we now have 3 computers.


Events

Under Events, we can see all the events the CSE connector reported for that particular computer.


Now we’ll try some activities on this machine, such as creating Word documents or installing Steam.


On that computer’s Device Trajectory, we can see these activities monitored in great detail.


This post is licensed under CC BY 4.0 by the author.