Cisco Cisco AMP Threat Grid 5500 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Administrator's Guide
PRIVACY AND SAMPLE VISIBILITY
PRIVACY AND SAMPLE VISIBILITY
38
PRIVACY AND SAMPLE VISIBILITY
When submitting samples to Threat Grid for analysis, an important consideration is the privacy of their contents.
Privacy is a particularly important consideration if sensitive documents or archive types are submitted for
analysis, because locating sensitive material could be relatively easy for those with access to Threat Grid,
especially with the search API.
Privacy is a particularly important consideration if sensitive documents or archive types are submitted for
analysis, because locating sensitive material could be relatively easy for those with access to Threat Grid,
especially with the search API.
Privacy may be less of a concern when submitting samples to an on-premises Threat Grid Appliance than to the
Threat Grid Cloud, but understanding the basics of privacy and sample visibility is still necessary for TGA
administrators.
Threat Grid Cloud, but understanding the basics of privacy and sample visibility is still necessary for TGA
administrators.
The privacy and sample visibility model for sample submissions to Threat Grid is relatively simple: Unless
samples are designated as Private, they will be visible to users who are outside the submitter's Organization. In
general, a sample designated as Private may only be seen by Threat Grid users within the same Organization as
the user who submitted the sample.
samples are designated as Private, they will be visible to users who are outside the submitter's Organization. In
general, a sample designated as Private may only be seen by Threat Grid users within the same Organization as
the user who submitted the sample.
Privacy and Visibility on Threat Grid Appliances
The privacy and sample visibility model is modified on Threat Grid Appliances for samples that are submitted by
"CSA Integrations." CSA Integrations are Cisco products such as ESA/WSA appliances and other devices or
services, which are integrated (registered) with Threat Grid Appliances via the CSA API.
"CSA Integrations." CSA Integrations are Cisco products such as ESA/WSA appliances and other devices or
services, which are integrated (registered) with Threat Grid Appliances via the CSA API.
All sample submissions on Threat Grid Appliances are Public by default, and can be viewed by any other
appliance user, including CSA Integrations, regardless of which Organization they belong to.
appliance user, including CSA Integrations, regardless of which Organization they belong to.
All appliance users can see all details of samples submitted by all other users.
Non-CSA Threat Grid users may submit Private samples to the Threat Grid Appliance, in which case the
samples are only visible to other Threat Grid Appliance users, including CSA Integrations, within the submitter's
Organization.
samples are only visible to other Threat Grid Appliance users, including CSA Integrations, within the submitter's
Organization.
Privacy and sample visibility model on Threat Grid Appliances illustrated in the table below, using the following
terms:
terms:
CSA Integrations
CSA Integrations are ESA/WSA appliances and other Cisco devices or services that are
registered on a Threat Grid Appliance via the CSA API. Samples submitted to Threat Grid Appliances by CSA
Integrations are Public by default.
Integrations are Public by default.
Threat Grid User - Public
Public samples submitted to a Threat Grid Appliance by normal Threat Grid
users (i.e., non-CSA Integrations).
For example, appliance administrators or malware analysts who submit samples via the Threat Grid Portal UI, or
by using the Threat Grid Native API.
For example, appliance administrators or malware analysts who submit samples via the Threat Grid Portal UI, or
by using the Threat Grid Native API.
Threat Grid User - Private
Private samples submitted to a Threat Grid Appliance by normal Threat Grid
users.
In this case, the Private samples are invisible to all other users on the appliance who are outside of the
submitter's Organization. (The samples will be visible to CSA Integrations within the same Organization as the
submitter.)
In this case, the Private samples are invisible to all other users on the appliance who are outside of the
submitter's Organization. (The samples will be visible to CSA Integrations within the same Organization as the
submitter.)