AMP for Endpoints to ServiceNOW
It’s been a while since I’ve posted anything, but that’s due to me getting into a new job at Cisco Systems. During the Christmas shutdown I was able to look at Cisco’s AMP for Endpoints (AMP4E) and how it might integrate into many people’s ServiceNOW environments. I decided to go ahead and create some Python code that can automatically create a ServiceNOW ticket whenever there is an AMP event that is deemed malicious. You can check it out here.
Additionally, I show how you can make this code run on AWS Lambda using the Chalice framework (surprisingly easy to do).