Cisco Cisco Email Security Appliance X1070 User Guide
17-6
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
•
If you will deploy a self-signed certificate: Generate a self-signed SSL certificate from the Cisco
AMP Threat Grid appliance to be used on your Email Security appliance. See instructions for
downloading SSL certificates and keys in the administrator’s guide for your AMP Threat Grid
appliance. Be sure to generate a certificate that has the hostname of your AMP Threat Grid appliance
as CN. The default certificate from the AMP Threat Grid appliance does NOT work.
AMP Threat Grid appliance to be used on your Email Security appliance. See instructions for
downloading SSL certificates and keys in the administrator’s guide for your AMP Threat Grid
appliance. Be sure to generate a certificate that has the hostname of your AMP Threat Grid appliance
as CN. The default certificate from the AMP Threat Grid appliance does NOT work.
•
Registration of your Email Security appliance with your Threat Grid appliance occurs automatically
when you submit the configuration for File Analysis, as described in
when you submit the configuration for File Analysis, as described in
. However, you must activate the registration as
described in the same procedure.
Enabling and Configuring File Reputation and Analysis Services
Before You Begin
•
Acquire feature keys for the file reputation service and the file analysis service.
•
Meet the
.
•
Verify connectivity to the update servers configured on the Updates page .
•
If you will use a Cisco AMP Threat Grid Appliance as a private cloud file analysis server, see
.
Procedure
Step 1
Select Security Services > File Reputation and Analysis.
Step 2
Click Enable.
Step 3
Click Edit Global Settings.
Step 4
Select Enable File Reputation.
Step 5
Accept the license agreement if presented.
Step 6
File Analysis is enabled by default. If you do not uncheck Enable File Analysis, the File Analysis
feature key will be activated after the next commit.
feature key will be activated after the next commit.
Step 7
In the File Analysis section, select the file types to send to the cloud for analysis.
Step 8
Adjust the following Advanced Settings for File Reputation as needed:
Option
Description
SSL Communication for File Reputation
Check Use SSL (Port 443) to communicate on port 443
instead of the default port, 32137.
instead of the default port, 32137.
This option also allows you to configure an upstream proxy
for communication with the file reputation service.
for communication with the file reputation service.
Note
SSL communication over port 32137 may require
you to open that port in your firewall.
you to open that port in your firewall.
Reputation Threshold
•
Use value from Cloud Service
•
Enter custom value
The upper limit for acceptable file reputation scores.
Scores above this threshold indicate the file is infected.
Scores above this threshold indicate the file is infected.