Cisco Cisco Email Security Appliance C160 Mode D'Emploi
17-7
User Guide for AsyncOS 10.0 for Cisco Email Security Appliances
Chapter 17 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
•
Ensure that your appliances can communicate with each other over your network. Cisco Email
Security appliances must be able to connect to the CLEAN interface of the AMP Threat Grid
appliance.
Security appliances must be able to connect to the CLEAN interface of the AMP Threat Grid
appliance.
•
If you will deploy a self-signed certificate: Generate a self-signed SSL certificate from the Cisco
AMP Threat Grid appliance to be used on your Email Security appliance. See instructions for
downloading SSL certificates and keys in the administrator’s guide for your AMP Threat Grid
appliance. Be sure to generate a certificate that has the host name of your AMP Threat Grid
appliance as CN. The default certificate from the AMP Threat Grid appliance does NOT work.
AMP Threat Grid appliance to be used on your Email Security appliance. See instructions for
downloading SSL certificates and keys in the administrator’s guide for your AMP Threat Grid
appliance. Be sure to generate a certificate that has the host name of your AMP Threat Grid
appliance as CN. The default certificate from the AMP Threat Grid appliance does NOT work.
•
Registration of your Email Security appliance with your Threat Grid appliance occurs automatically
when you submit the configuration for File Analysis, as described in
when you submit the configuration for File Analysis, as described in
. However, you must activate the registration as
described in the same procedure.
Note
After you have set up the on-premises file-analysis server, you will configure connection to it from this
Email Security appliance ; see
Email Security appliance ; see
of
Enabling and Configuring the File Reputation and Analysis Services
Before You Begin
•
Acquire feature keys for the file reputation service and the file analysis service and transfer them to
this appliance.
this appliance.
•
Meet the
.
•
Verify connectivity to the update servers configured on the Updates page .
•
If you will use a Cisco AMP Virtual Private Cloud Appliance as a private-cloud file reputation
server, see
server, see
.
•
If you will use a Cisco AMP Threat Grid Appliance as a private-cloud file analysis server, see
Step 1
Select Security Services > File Reputation and Analysis.
Step 2
Click Edit Global Settings.
Step 3
Click Enable File Reputation and optionally Enable File Analysis.
File Analysis is enabled by default. If you do not uncheck Enable File Analysis, the File Analysis
feature key will be activated after the next commit.
feature key will be activated after the next commit.
•
If Enable File Reputation is checked, you must configure the section File Reputation Server (in
), by either choosing the URL of an external public-reputation cloud server, or by providing
the Private reputation cloud server connection information.
•
Similarly, if Enable File Analysis is checked, you must configure the section File Analysis Server
URL (in
URL (in
), providing either the URL of an external cloud server, or the Private analysis cloud
connection information.
Step 4
Accept the license agreement if presented.
Step 5
In the File Analysis section, select the File Types to send to the cloud for analysis.
For information about supported file types, see the document described in
.