Cisco Cisco Web Security Appliance S690 User Guide
14-8
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Note
Do not change any other settings in this section without guidance from Cisco support.
Step 8
If you will use the cloud service for file analysis:
a.
Select Advanced Settings for File Analysis.
b.
Choose the cloud server that is physically nearest to your Web Security appliances.
Newly available servers will be added to this list periodically using standard update processes.
Step 9
If you will use an on-premises Cisco AMP Threat Grid appliance for file analysis:
Configure Advanced Settings for File Analysis:
Step 10
Submit and commit your changes.
Step 11
If you are using an on-premises Cisco AMP Threat Grid appliance, activate the account for this appliance
on the AMP Threat Grid appliance.
on the AMP Threat Grid appliance.
Complete instructions for activating the "user" account are available in the AMP Threat Grid
documentation.
documentation.
a.
Note the File Analysis Client ID that appears at the bottom of the section. This identifies the "user"
that you will activate.
that you will activate.
b.
Sign in to the AMP Threat Grid appliance.
c.
Select Welcome... > Manage Users and navigate to User Details.
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.
instead of the default port, 32137.
This option also allows you to configure an upstream proxy
for communication with the file reputation service.
for communication with the file reputation service.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
Reputation Threshold
•
Use value from Cloud Service
•
Enter custom value
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.
Option
Description
Option
Description
File Analysis
Server URL
Server URL
Select Private cloud.
Server
URL of the on-premises Cisco AMP Threat Grid Appliance. Use the hostname, not the
IP address, for this value and for the certificate.
IP address, for this value and for the certificate.
Certificate
Upload a self-signed certificate that you have generated from your on-premises
Cisco AMP Threat Grid Appliance.
Cisco AMP Threat Grid Appliance.
The most recently uploaded self-signed certificate is used. It is not possible to access a
certificate uploaded prior to the most recent certificate; if needed, upload the desired
certificate again.
certificate uploaded prior to the most recent certificate; if needed, upload the desired
certificate again.