Cisco AMP Threat Grid 5004 Appliance Installation Guide
Cisco AMP Threat Grid Appliance Administrator's Guide
INTRODUCTION
A Cisco AMP Threat Grid Appliance ("TGA") provides the complete AMP Threat Grid malware analysis platform
installed on a single Cisco UCS server (UCS C220-M3). Threat Grid Appliances provide a safe and highly secure
on-premises environment for performing advanced malware analysis, with detailed threat analytics and content.
Many organizations that handle sensitive data, such as banks, insurance companies, healthcare services, etc.,
must follow various regulatory compliance rules, policy restrictions, and other guidelines that prohibit certain
types of files, such as malware artifacts, to be sent outside of the network for malware analysis. By maintaining a
Threat Grid Appliance on-premises, these organizations are able to send suspicious documents and files to the
appliance to be analyzed without ever leaving the network.
With an AMP Threat Grid Appliance, security teams can analyze all samples using proprietary and highly secure
static and dynamic analysis techniques. The appliance correlates the analysis results with hundreds of millions of
previously analyzed malware artifacts, to provide a global view of malware attacks and campaigns, and their
distributions.
A single sample of observed activity and characteristics can quickly be correlated against millions of other
samples to fully understand its behaviors within an historical and global context. This ability helps security teams
to effectively defend the organization against threats and attacks from advanced malware.
Who This Guide Is For
This document is the TGA administrator's guide. It describes how to get started with a new Threat Grid
Appliance, and how to manage the appliance for optimum malware analysis. This guide also provides
information for administrators who are integrating the Threat Grid Appliance with other Cisco products and
services, such as ESA and WSA appliances and FireAMP Private Cloud devices.
For information about Threat Grid Appliance setup and configuration, please see the Threat Grid Appliance
Setup and Configuration Guide, which is available on the Threat Grid Appliance product documentation page.
What’s New
Version 2.0.3
This point release introduces a number of features to support FireAMP Private Cloud device integrations. These
include the ability to split DNS between the Clean and Dirty interfaces, CA Management, and FireAMP
Integration Configuration.
Generated SSL certificates now have the CN duplicated as a subjectAltName. This addresses an incompatibility
with SSL clients that ignore the CN field whenever at least one subjectAltName is present. It may be necessary to
regenerate any previously appliance-generated certificates if such clients are used to connect to the appliance.
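The following added example (not part of this guide or of the appliance software) shows how a SAN-strict client decides hostname acceptance and how an administrator can flag certificates that need regenerating. It works on the certificate dict layout that Python's `ssl.SSLSocket.getpeercert()` returns, so it can be applied to a live connection as well as to the constructed samples below; the hostnames and IP address are placeholders.

```python
"""Check whether an appliance-generated certificate will satisfy SAN-strict TLS clients.

Input is the dict form returned by ssl.SSLSocket.getpeercert(), e.g.
{"subject": ((("commonName", "host"),),), "subjectAltName": (("DNS", "host"),)}.
"""


def _subject_cn(cert):
    """Return the subject commonName, or None if the subject has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _san_dns_names(cert):
    """Return the dNSName entries of subjectAltName (empty list if no SAN)."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def _dns_match(pattern, hostname):
    """RFC 6125 style match: case-insensitive, wildcard only as the whole leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if not pattern.startswith("*."):
        return pattern == hostname
    labels = hostname.split(".", 1)
    return len(labels) == 2 and labels[1] == pattern[2:]


def hostname_accepted(cert, hostname):
    """Decide as a SAN-strict client does: if any subjectAltName is present, only
    SAN dNSName entries are matched and the CN is ignored; with no SAN, fall back to CN."""
    if cert.get("subjectAltName"):
        candidates = _san_dns_names(cert)
    else:
        cn = _subject_cn(cert)
        candidates = [cn] if cn else []
    return any(_dns_match(c, hostname) for c in candidates)


def needs_regeneration(cert):
    """True for a certificate that carries a subjectAltName but does not repeat the CN
    there: exactly the certificates that SAN-strict clients reject by hostname."""
    cn = _subject_cn(cert)
    return bool(cert.get("subjectAltName")) and cn is not None and cn not in _san_dns_names(cert)


# Constructed sample certificates (placeholders, not taken from a real appliance).
CERT_CN_ONLY = {"subject": ((("commonName", "tga.example.internal"),),)}
CERT_SAN_WITHOUT_CN = {  # SAN present, CN not repeated: SAN-strict clients ignore the CN
    "subject": ((("commonName", "tga.example.internal"),),),
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}
CERT_SAN_WITH_CN = {  # 2.0.3 style: CN duplicated as a dNSName SAN
    "subject": ((("commonName", "tga.example.internal"),),),
    "subjectAltName": (("DNS", "tga.example.internal"), ("IP Address", "192.0.2.10")),
}
```

Run `needs_regeneration()` over the dict from a live `getpeercert()` call against each appliance interface to find certificates generated before 2.0.3 that still need replacing.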
Version 2.0
Version 2.0 is a major release, built upon an updated operating system. It includes enhancements that will
support future hardware releases, and also brings the Threat Grid Portal UI more in line with the Cloud version.
This includes significant numbers of new and updated Behavioral Indicators and other changes.
Please read the Threat Grid Portal Release Notes beginning with release 3.3.45 for details. (From the Portal UI
Navigation bar, select Help, then click the link to the release notes. The notes are cumulative: the most recent
version contains all previous notes.)