AMP for Endpoints to ServiceNOW

It’s been a while since I’ve posted anything, but that’s due to me getting into a new job at Cisco Systems. During the Christmas shutdown I was able to look at Cisco’s AMP for Endpoints (AMP4E) and how it might integrate into many people’s ServiceNOW environments. I decided to go ahead and create some Python code that can automatically create a ServiceNOW ticket whenever there is an AMP event that is deemed malicious. You can check it out here.

https://github.com/CiscoSE/AMP4E-to-ServiceNOW_Incident

Additionally, I also show how you can make this code run on AWS Lambda using the Chalice framework (surprisingly easy to do).

Written by

gseeto

Technology, Science and Philosophy