Cisco Cisco AMP Threat Grid 5500 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Administrator's Guide
MANAGING THREAT GRID ORGANIZATIONS AND USERS
MANAGING THREAT GRID ORGANIZATIONS AND USERS
36
MANAGING THREAT GRID ORGANIZATIONS AND USERS
Threat Grid is installed on the appliance with a default organization and Admin user. Once the appliance is set up
and the network configuration is completed, you may create additional organization and user accounts, so
people can login and begin submitting malware samples for analysis.
and the network configuration is completed, you may create additional organization and user accounts, so
people can login and begin submitting malware samples for analysis.
Adding organizations, users, and administrators may require planning and coordination among multiple users
and teams, depending on your organization.
and teams, depending on your organization.
Creating a New Organization
Users are always affiliated with an organization; before you can add users, you must first create the Organization
to add them to.
to add them to.
IMPORTANT: You cannot delete an organization from this interface once it has been created, so plan this task
carefully.
carefully.
1.
Log into the Threat Grid portal as Admin.
2.
Click the Welcome dropdown link located in the upper-left corner, and select Manage Orgs. The
Organizations page opens, listing all of the Organizations on the appliance.
Organizations page opens, listing all of the Organizations on the appliance.
3.
Click the Add Organization button, located in the upper-right corner of the screen. The Properties dialog
opens.
opens.
4.
All fields are required.
Name. Add a name for the organization (there is currently no size limit to the name).
Industry. Select the type of business from the Industry dropdown. If none of the industries on the list are
applicable, then leave it set to Unknown, and contact Threat Grid support (support@threatgrid.com) to
request that an option be added.
applicable, then leave it set to Unknown, and contact Threat Grid support (support@threatgrid.com) to
request that an option be added.
Complete the other Options.
Rate Limit:
The API rate limit is global for the appliance under the terms of the license agreement. This affects API
submissions ONLY, not manual sample submissions. The rate limit in the license applies to the
Organization.
submissions ONLY, not manual sample submissions. The rate limit in the license applies to the
Organization.
Set the default user submission rate limit. You can also set sample submission rates on individual users - as
documented in Using Threat Grid, the Threat Grid Portal online Help (From the navigation bar select Help >
Using Threat Grid Online Help).
documented in Using Threat Grid, the Threat Grid Portal online Help (From the navigation bar select Help >
Using Threat Grid Online Help).
Rate limits are based on a 24-hour window of rolling time, not to a calendar day. When the submission limit
is exhausted, the next API submission will return a 429 error, plus a message about how long to wait before
retrying.
is exhausted, the next API submission will return a 429 error, plus a message about how long to wait before
retrying.
The Priority field is going away; for now just enter “50”.
5.
Click Create. The new organization is created and is now visible in the list of Organizations.