Cisco Cisco Web Security Appliance S170 사용자 가이드
14-8
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 10
Submit and commit your changes.
Step 11
If you are using an on-premises Cisco AMP Threat Grid appliance, activate the account for this appliance
on the AMP Threat Grid appliance.
on the AMP Threat Grid appliance.
Complete instructions for activating the "user" account are available in the AMP Threat Grid
documentation.
documentation.
a.
Note the File Analysis Client ID that appears at the bottom of the section. This identifies the "user"
that you will activate.
that you will activate.
b.
Sign in to the AMP Threat Grid appliance.
c.
Select Welcome... > Manage Users and navigate to User Details.
d.
Locate the "user" account based on the File Analysis Client ID of your Web Security appliance.
e.
Activate this "user" account for your appliance.
(Public Cloud File Analysis Services Only) Configuring Appliance Groups
In order to allow all content security appliances in your organization to view file analysis result details
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
Step 1
Select Security Services > Anti-Malware and Reputation .
Step 2
In the Appliance Grouping for File Analysis Cloud Reporting section, enter the File Analysis Cloud
Reporting Group ID.
Reporting Group ID.
•
If you enter the Group ID incorrectly or need to change it for any other reason, you must open a case
with Cisco TAC.
with Cisco TAC.
•
This change takes effect immediately; it does not require a Commit.
•
This value must be identical on all appliances that will share data about files that are uploaded for
analysis.
analysis.
•
It is suggested to use your CCOID for this value. However, this entry is not validated for accuracy.
•
This value is case-sensitive.
•
All appliances in the group must be configured to use the same File Analysis server in the cloud.
Option
Description
File Analysis
Server URL
Server URL
Select Private cloud.
Server
URL of the on-premises Cisco AMP Threat Grid Appliance. Use the hostname, not the
IP address, for this value and for the certificate.
IP address, for this value and for the certificate.
Certificate
Upload a self-signed certificate that you have generated from your on-premises
Cisco AMP Threat Grid Appliance.
Cisco AMP Threat Grid Appliance.
The most recently uploaded self-signed certificate is used. It is not possible to access a
certificate uploaded prior to the most recent certificate; if needed, upload the desired
certificate again.
certificate uploaded prior to the most recent certificate; if needed, upload the desired
certificate again.