Cisco Cisco Content Security Management Appliance M390 Guía Del Usuario
5-22
AsyncOS 9.5.x for Cisco Content Security Management Appliances User Guide
Chapter 5 Using Centralized Web Reporting and Tracking
Web Reporting Page Descriptions
Requirements for File Analysis Report Details
(Cloud File Analysis) Ensure That the Management Appliance Can Reach the File Analysis Server
In order to obtain File Analysis report details, the appliance must be able to connect to the File Analysis
server over port 443. See details in
server over port 443. See details in
If your Security Management appliance does not have a direct connection to the internet, configure a
proxy server for this traffic (See
proxy server for this traffic (See
.) If you have already
configured the appliance to use a proxy to obtain upgrades and service updates, the existing settings are
used.
used.
If you use an HTTPS proxy, the proxy must not decrypt the traffic; use a pass-through mechanism for
communications with the File Analysis server. The proxy server must trust the certificate from the Fire
Analysis server, but need not provide its own certificate to the File Analysis server.
communications with the File Analysis server. The proxy server must trust the certificate from the Fire
Analysis server, but need not provide its own certificate to the File Analysis server.
(Cloud File Analysis) Configure the Management Appliance to Display Detailed File Analysis Results
In order to allow all content security appliances in your organization to display detailed results in the
cloud about files sent for analysis from any Cisco Email Security appliance or Cisco Web Security
appliance in your organization, you need to join all appliances to the same appliance group.
cloud about files sent for analysis from any Cisco Email Security appliance or Cisco Web Security
appliance in your organization, you need to join all appliances to the same appliance group.
Step 1
Select Management Appliance > Centralized Services > Security Appliances.
Step 2
Scroll to the File Analysis section.
Step 3
If your managed appliances are pointed at different File Analysis cloud servers, select the server from
which to display result details.
which to display result details.
Result details will not be available for files processed by any other cloud server.
Step 4
Enter the Analysis Group ID.
•
If you enter the Group ID incorrectly or need to change it for any other reason, you must open a case
with Cisco TAC.
with Cisco TAC.
•
This change takes effect immediately; it does not require a Commit.
•
It is suggested to use your CCOID for this value.
•
This value is case-sensitive.
•
This value must be identical on all appliances that will share data about files that are uploaded for
analysis.
analysis.
•
An appliance can belong to only one group.
•
You can add a machine to a group at any time, but you can do it only once.
Step 5
Click Group Now.
Step 6
Configure the same group on each Web Security appliance that will share data with this appliance.
(On-Premises File Analysis) Activate the File Analysis Account
If you have deployed an on-premises (private cloud) Cisco AMP Threat Grid Appliance, you must
activate the File Analysis account for your Security Management appliance in order to view report
details available on the Threat Grid appliance. You generally only need to do this once.
activate the File Analysis account for your Security Management appliance in order to view report
details available on the Threat Grid appliance. You generally only need to do this once.