Cisco Cisco Email Security Appliance X1070 Betriebsanweisung
17-7
Cisco AsyncOS 9.5 for Email User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 11
Submit and commit your changes.
Step 12
If you are using an on-premises Cisco AMP Threat Grid appliance, you must activate the account for this
appliance on the AMP Threat Grid appliance:
appliance on the AMP Threat Grid appliance:
a.
Note the File Analysis Client ID that appears at the bottom of the page.
b.
Sign in to the AMP Threat Grid appliance.
c.
Select Welcome... > Manage Users.
d.
Locate the "user" account for the File Analysis Client ID of your Email Security appliance.
e.
Activate this "user" account for your appliance.
Configuring the Incoming Mail Policy for File Reputation Scanning and File
Analysis
Analysis
Procedure
Step 1
Select Mail Policies > Incoming Mail Policies.
Step 2
Click the link in the Advanced Malware Protection column of the mail policy to modify.
Option
Description
File Analysis
Server URL
Server URL
Select Private cloud.
Server
URL of the on-premises Cisco AMP Threat Grid Appliance. Use the hostname, not the
IP address, for this value and for the certificate.
IP address, for this value and for the certificate.
If you change this hostname and you are using a self-signed certificate from the AMP
Threat Grid server:
Threat Grid server:
•
Generate a new certificate from the AMP Threat Grid appliance that has the new
hostname.
hostname.
•
Upload the new certificate to the Email Security appliance.
•
Reset the API key on the AMP Threat Grid appliance. See the AMP Threat Grid
online help for information.
online help for information.
Certificate
Do one of the following:
•
Select the Cisco default certificate authority.
•
Upload a self-signed certificate that you have generated from your on-premises
Cisco AMP Threat Grid Appliance.
Cisco AMP Threat Grid Appliance.
The most recently uploaded self-signed certificate is used. It is not possible to
access a certificate uploaded prior to the most recent certificate; if needed, upload
the desired certificate again.
access a certificate uploaded prior to the most recent certificate; if needed, upload
the desired certificate again.