Connecting Firepower to the AMP Cloud

If you are using AMP for Endpoints in your lab or implementation, I would highly recommend adding the cloud connection to your Firepower Management Center. The reason you would do this is that it allows you to import threat identifications, indications of compromise (IOC), and other malware-related information that the AMP cloud gathers from the endpoints. 

In order to create this connection, navigate to AMP>AMP Management in the FMC and click on the Add AMP Cloud Connection button.

From the pop-up, choose US Cloud from the Cloud Name drop-down. This will redirect you to the AMP Cloud login page for AMP for Endpoints:

After logging in with your credentials, you will be taken to the applications page where you can click Allow to allow the FMC adapter to share information with the FMC. If you have specific groups you'd like to share instead of everything, you can also specify here only to share those groups:

After allowing access, you will be redirected back to your FMC and see that the AMP for Endpoints Cloud connection is now enabled:

Now when you navigate to Analysis>Files>Network File Trajectory, you will have additional context into how the file moved through your environment and not just from the perspective when the file passed through the NGFW/NGIPS:

Also you can see Indicators of Compromise (IoCs) from AMP from Endpoints when you pull up the host profile for a specific host in Analysis>Hosts>Network Map or click on any computer icon next to the IP address in another part of FMC 

Note: If you have a AMP Private cloud installation onsite, the integration would be very similar to this.