Cisco Secure Endpoint (AMP) - Overview
This document provides an introduction to the Cisco Secure Endpoint (AMP) console and features.
Summary
Cisco Secure Endpoint is an advanced protection suite that monitors devices for suspicious activity in real time. It is an Endpoint Detection and Response (EDR) solution, a class of security tool that focuses on real-time monitoring and data collection from individual endpoints in order to identify and respond to advanced threats that bypass traditional antivirus.
Key Features
- Centralized Management: View events, set alerts, and manage policies from a single console
- Real-Time Monitoring: Immediate reporting of suspicious/malicious file executions and system modifications
- Built-in Antivirus: Includes Tetra and ClamAV engines for offline protection
- Automated Response: Can automatically quarantine files and kill malicious processes
- Administrative Autonomy: Distributed IT units can manage their own groups, policies, and exclusions
FAQ
- How do I get access to the Cisco Secure Endpoint console?
  You can request an account by following the instructions at Cisco Secure Endpoint (AMP) - Requesting Console User Accounts, Groups, & Enabling Multi-Factor Authentication
- Where do I go to access the Cisco Secure Endpoint console?
  You can access the console by following the instructions at Cisco Secure Endpoint (AMP) - Accessing the Console
- How quickly does the console receive information from endpoints?
  As long as the endpoint has an active internet connection, the connector maintains a continuous, encrypted heartbeat with the console. This allows near real-time data streaming, so telemetry reaches your dashboard within minutes.
- How can I monitor for events/detections occurring in my environment?
  You can configure email alerts by following the instructions at Cisco Secure Endpoint (AMP) - Configuring Alerts and Reports
- What operating systems are supported by Cisco Secure Endpoint?
  - Supported Windows operating systems can be found at https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/Windows_System_Requireme.html
  - Supported macOS versions can be found at https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/MacOS_System_Requirement.html#mac_connector_2203917731_3405309
  - Supported Linux distributions can be found at:
    - RPM-based distributions: https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/Linux_RPM.html
    - Debian-based distributions: https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/Linux_Debian.html
- How often should I update the Cisco Secure Endpoint connector?
  Cybersecurity's recommendation for updating the Cisco Secure Endpoint connector can be found at Cisco Secure Endpoint (AMP) - Updating Connectors
- How much resource will the Cisco Secure Endpoint connector utilize? Will it dramatically affect performance on the endpoint?
  Cybersecurity typically observes Cisco Secure Endpoint consuming between 5% and 10% CPU usage. If the Cisco Secure Endpoint connector is consistently consuming over 10% CPU, please contact Cybersecurity at cybersecurity@cio.wisc.edu for customized performance tuning support to minimize the connector's performance impact.
- Where can I get more information?
  Additional information can be found at https://kb.wisc.edu/search.php?q=cisco+amp or by emailing Cybersecurity at cybersecurity@cio.wisc.edu
