Cisco Cisco Firepower Management Center 2000
33-23
FireSIGHT System User Guide
Chapter 33 Blocking Malware and Prohibited Files
Working with Cloud Connections for FireAMP
Creating a connection between the Defense Center and the Cisco cloud is a two-step process. First,
configure the Defense Center to connect to the cloud. Then, log into the FireAMP portal to authorize the
connection. If you do not have a FireAMP subscription, you cannot complete the registration process.
configure the Defense Center to connect to the cloud. Then, log into the FireAMP portal to authorize the
connection. If you do not have a FireAMP subscription, you cannot complete the registration process.
To re-register a Defense Center that was restored to factory defaults or reverted while registered to the
cloud, you must connect to FireAMP and remove the Defense Center before re-registering it.
cloud, you must connect to FireAMP and remove the Defense Center before re-registering it.
To create a Cisco cloud connection for FireAMP:
Access:
Admin
Step 1
Select
FireAMP
>
AMP
Management
.
The FireAMP Management page appears.
Step 2
Click
Create
FireAMP
Connection
.
The Create FireAMP Connection dialog box appears.
Step 3
From the
Cloud Name
drop-down box, select the cloud you want to use:
•
For the European Union cloud, select
EU Cloud
.
•
For the United States of America cloud, select
US Cloud
.
Step 4
Click
Register
.
Step 5
Confirm that you want to continue to the FireAMP portal, then log into the portal.
The Applications page on the portal appears. Use this page to authorize the Cisco cloud to send malware
events to the Defense Center.
events to the Defense Center.
Step 6
Optionally, select specific groups within your organization for which you want to receive malware
events.
events.
Select groups only if you want to restrict the events you receive. By default, the Defense Center receives
malware events for all groups.
malware events for all groups.
Tip
To manage groups, select
Management > Groups
on the FireAMP portal. For detailed information, refer to
the online help on the portal.
Step 7
Click
Allow
.
You are returned to the FireAMP Management page on the Defense Center. Your connection is enabled
and the Defense Center begins receiving malware events from the cloud.
and the Defense Center begins receiving malware events from the cloud.
Clicking
Deny
also returns you to the Defense Center, where the cloud connection is marked as denied.
Similarly, if you navigate away from the Applications page on the FireAMP portal, and neither deny nor
allow the connection, the connection is marked as pending on the Defense Center’s web interface. The
health monitor does not alert in either of these situations. If you want to connect to the cloud later, you
must delete the failed or pending connection, then recreate it.
allow the connection, the connection is marked as pending on the Defense Center’s web interface. The
health monitor does not alert in either of these situations. If you want to connect to the cloud later, you
must delete the failed or pending connection, then recreate it.
Deleting or Disabling a Cloud Connection
License:
Any