Cisco AMP Threat Grid 5500 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Setup and Configuration Guide
INTRODUCTION
A Cisco AMP Threat Grid Appliance provides safe and highly secure on-premises advanced malware analysis,
with deep threat analytics and content. Threat Grid Appliances provide the complete Threat Grid malware
analysis platform, installed on a single UCS server (UCS C220-M3 or C220 M4). They empower organizations
operating under various compliance and policy restrictions to submit malware samples to the appliance.
Many organizations that handle sensitive data, such as banks, health services, etc., must follow various
regulatory rules and guidelines that will not allow certain types of files, such as malware artifacts, to be sent
outside of the network for malware analysis. By maintaining a Cisco AMP Threat Grid Appliance on-premises,
organizations are able to send suspicious documents and files to it to be analyzed without leaving the network.
With an AMP Threat Grid Appliance, security teams can analyze all samples using proprietary and highly secure
static and dynamic analysis techniques. The appliance correlates the analysis results with hundreds of millions of
previously analyzed malware artifacts, to provide a global view of malware attacks and campaigns, and their
distributions. A single sample of observed activity and characteristics can quickly be correlated against millions of
other samples to fully understand its behaviors within an historical and global context. This ability helps security
teams to effectively defend the organization against threats and attacks from advanced malware.
Who This Guide Is For
Before a new appliance can be used for malware analysis, it must be set up and configured for the organization's
network. This guide is for the security team IT staff tasked with setting up and configuring a new Threat Grid
Appliance.
This document describes how to complete the initial setup and configuration for a new Threat Grid Appliance, up
to the point where malware samples can be submitted to it for analysis.
For more information, please see the Cisco AMP Threat Grid Appliance Administrator's Guide, which can be
found on the Install and Upgrade page on Cisco.com.
Release Notes
For detailed update information, see the Release Notes, which may be found in the OpAdmin Portal under
Operations menu > Update Appliance. Formatted PDF versions of the Threat Grid Appliance Release Notes are also
available online.
Note:
To view the release notes for the Threat Grid Portal UI, click Help in the UI’s navigation bar.
What’s New
Cisco UCS C220 M4 Server
Released on November 17, 2016, the C220 M4 server includes a hardware refresh, as well as the Secure Boot
feature. Please contact us at support@threatgrid.com to discuss any questions you may have about upgrading.
Note:
Threat Grid will continue to provide support for M3s until after the expiration of their contracted lifespan. All
the same M4 features are available as over-the-wire updates for existing M3s.
The M5 server upgrade is currently under development. We strongly encourage existing M3 and M4 customers
to contact us at support@threatgrid.com to discuss any questions you may have about which server upgrade is
best for your needs, as well as data migration, backups, rollout strategies, etc. Additional complexity is
introduced by the migration to version 2.1.5 of the Threat Grid Appliance software, which is currently in