Cisco Cisco AMP Threat Grid 5004 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Administrator's Guide
CONFIGURATION MANAGEMENT
CONFIGURATION MANAGEMENT
17
•
DNS servers (including DNS configuration for FireAMP Private Cloud integrations)
•
NTP servers
•
Server Notifications
•
Syslog messages and Threat Grid Notifications remote server setup
•
CA Certificate Management (for FireAMP Private Cloud integrations)
Note:
Configuration updates in OpAdmin should be completed in one session to reduce the chance of an
interruption to the IP address during configuration.
Note:
OpAdmin will not validate the gateway entries. If you enter the wrong gateway and save it, the OpAdmin
interface will be inaccessible. You will have to use the console to fix the networking configuration if that was done
on the admin interface. If Admin is still valid, you can fix it in OpAdmin and reboot.
on the admin interface. If Admin is still valid, you can fix it in OpAdmin and reboot.
Reminder:
OpAdmin uses HTTPS. Pointing a browser at the Admin IP is not sufficient; you must point to:
https://adminIP/ OR https://adminHostname/
SSH Keys
Setting up SSH keys provides the Threat Grid Appliance administrator with access to TGSH Dialog via SSH
(threatgrid@<host>).
(threatgrid@<host>).
It does NOT provide root access or a command shell. Multiple keys may be added.
Configuration > SSH
Syslog
In addition to the periodic notifications that can be set up (in OpAdmin under Configuration > Notifications) to
deliver system notifications via email, you can also configure a remote syslog server to receive syslog messages
and Threat Grid notifications.
deliver system notifications via email, you can also configure a remote syslog server to receive syslog messages
and Threat Grid notifications.
1.
In OpAdmin, under Configuration > Syslog
2.
Enter the server DNS in the field provided, and then select a protocol from the dropdown list; TCP is the
default, the other is UDP.
default, the other is UDP.
3.
Check the Verification box to perform a DNS lookup when you click Save. If the host cannot resolve the
name, it will print an error and will not save (until you enter a valid hostname).
name, it will print an error and will not save (until you enter a valid hostname).
If you do not check the Verification box, the appliance will accept any name, whether valid in DNS or not.
4.
Click Save.
To Edit or Delete: If you need to update the Syslog DNS, simply edit or delete it and click Save.
Reconfiguration
When changes are made to configuration settings, a light blue alert appears below the Configuration menu.
When you are done updating any OpAdmin configuration settings, you must save the reconfiguration in a
separate step.
When you are done updating any OpAdmin configuration settings, you must save the reconfiguration in a
separate step.
1.
Click Configuration Changed. The Reconfiguration dialog opens: