Cisco Cisco Email Security Appliance C160 Mode D'Emploi
17-7
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Note
Do not change any other settings in this section without guidance from Cisco support.
Step 9
If you will use the cloud service for file analysis:
a.
Select Advanced Settings for File Analysis.
b.
Choose the cloud server that is physically nearest to your Email Security appliances .
Newly available servers will be added to this list periodically using standard update processes.
Step 10
If you will use an on-premises Cisco AMP Threat Grid appliance for file analysis:
Configure Advanced Settings for File Analysis:
Step 11
Submit and commit your changes.
Step 12
If you are using an on-premises Cisco AMP Threat Grid appliance, activate the account for this appliance
on the AMP Threat Grid appliance.
on the AMP Threat Grid appliance.
Complete instructions for activating the "user" account are available in the AMP Threat Grid
documentation.
documentation.
a.
Note the File Analysis Client ID that appears at the bottom of the page. This identifies the "user"
that you will activate.
that you will activate.
b.
Sign in to the AMP Threat Grid appliance.
c.
Select Welcome... > Manage Users and navigate to User Details.
d.
Locate the "user" account based on the File Analysis Client ID of your Email Security appliance.
e.
Activate this "user" account for your appliance.
(Public Cloud File Analysis Services Only) Configuring Appliance Groups
In order to allow all content security appliances in your organization to view file analysis result details
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
Step 1
Select Security Services > File Reputation and Analysis.
Step 2
In the Appliance Grouping for File Analysis Cloud Reporting section, enter the Analysis Group ID.
Option
Description
File Analysis
Server URL
Server URL
Select Private cloud.
Server
URL of the on-premises Cisco AMP Threat Grid Appliance. Use the hostname, not the
IP address, for this value and for the certificate.
IP address, for this value and for the certificate.
Certificate
Upload a self-signed certificate that you have generated from your on-premises
Cisco AMP Threat Grid Appliance.
Cisco AMP Threat Grid Appliance.
The most recently uploaded self-signed certificate is used. It is not possible to access a
certificate uploaded prior to the most recent certificate; if needed, upload the desired
certificate again.
certificate uploaded prior to the most recent certificate; if needed, upload the desired
certificate again.