Cisco Cisco Email Security Appliance X1070 User Guide
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 11  Submit and commit your changes.
Step 12  If you are using an on-premises Cisco AMP Threat Grid appliance, activate the account for this appliance on the AMP Threat Grid appliance.
Complete instructions for activating the "user" account are available in the AMP Threat Grid documentation.
a. Note the File Analysis Client ID that appears at the bottom of the page. This identifies the "user" that you will activate.
b. Sign in to the AMP Threat Grid appliance.
c. Select Welcome... > Manage Users and navigate to User Details.
d. Locate the "user" account based on the File Analysis Client ID of your Email Security appliance.
e. Activate this "user" account for your appliance.
(Public Cloud File Analysis Services Only) Configuring Appliance Groups
To allow all content security appliances in your organization to view file analysis result details in the cloud for files sent for analysis from any appliance in your organization, you need to join all appliances to the same appliance group.
Step 1  Select Security Services > File Reputation and Analysis.
Step 2  In the Appliance Grouping for File Analysis Cloud Reporting section, enter the Analysis Group ID.
• If this is the first appliance being added to the group, provide a useful identifier for the group.
• This ID is case-sensitive, and cannot contain spaces.
• The ID you provide must be identical on all appliances that will share data about files that are uploaded for analysis. However, the ID is not validated on subsequent group appliances.
• If you enter the Group ID incorrectly or need to change it for any other reason, you must open a case with Cisco TAC.
• This change takes effect immediately; it does not require a Commit.
• All appliances in the group must be configured to use the same File Analysis server in the cloud.
• An appliance can belong to only one group.
• You can add a machine to a group at any time, but you can do it only once.
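Because the Analysis Group ID is not validated on later appliances and a wrong entry requires a TAC case, the rules above can be checked against a planned assignment list before anything is entered in the UI. The following is an added example, not Cisco code; the function name check_group_plan, the hostnames, group IDs and server URLs are all hypothetical.

```python
from collections import defaultdict

# Constructed sample plan: (appliance, Analysis Group ID, File Analysis server).
# All hostnames, IDs and URLs are hypothetical.
SAMPLE_PLAN = [
    ("esa01.example.com", "Acme-FA-Group", "https://fa.example.net"),
    ("esa02.example.com", "acme-fa-group", "https://fa.example.net"),     # case differs
    ("wsa01.example.com", "Acme-FA-Group", "https://fa-eu.example.net"),  # other server
    ("sma01.example.com", "Acme FA Group", "https://fa.example.net"),     # contains spaces
    ("esa01.example.com", "Lab-Group", "https://fa.example.net"),         # second group
]


def check_group_plan(plan):
    """Return a sorted list of (rule, detail) findings for a planned rollout."""
    findings = set()
    by_fold = defaultdict(set)    # casefolded ID -> exact spellings seen
    servers = defaultdict(set)    # exact ID -> File Analysis servers in use
    groups_of = defaultdict(set)  # appliance -> exact IDs assigned to it

    for appliance, group_id, server in plan:
        # The guide says "spaces"; flagging any whitespace is an assumption here.
        if not group_id or any(ch.isspace() for ch in group_id):
            findings.add(("invalid-id", f"{appliance}: {group_id!r}"))
        by_fold[group_id.casefold()].add(group_id)
        servers[group_id].add(server.rstrip("/").lower())
        groups_of[appliance].add(group_id)

    for spellings in by_fold.values():
        if len(spellings) > 1:  # IDs are case-sensitive: these are different groups
            findings.add(("case-mismatch", " vs ".join(sorted(spellings))))
    for group_id, urls in servers.items():
        if len(urls) > 1:       # one group must use one File Analysis server
            findings.add(("mixed-servers", f"{group_id}: {', '.join(sorted(urls))}"))
    for appliance, ids in groups_of.items():
        if len(ids) > 1:        # an appliance can belong to only one group
            findings.add(("multiple-groups", f"{appliance}: {', '.join(sorted(ids))}"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in check_group_plan(SAMPLE_PLAN):
        print(f"{rule:16} {detail}")
```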
Option       Description
Server       URL of the on-premises Cisco AMP Threat Grid Appliance. Use the hostname, not the IP address, for this value and for the certificate.
Certificate  Upload a self-signed certificate that you have generated from your on-premises Cisco AMP Threat Grid Appliance. The most recently uploaded self-signed certificate is used. It is not possible to access a certificate uploaded prior to the most recent certificate; if needed, upload the desired certificate again.