Cisco Cisco Web Security Appliance S370 사용자 가이드
14-8
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 14 File Reputation Filtering and File Analysis
Configuring File Reputation and Analysis Features
Step 10
Submit and commit your changes.
Step 11
If you are using an on-premises Cisco AMP Threat Grid appliance, you must activate the account for this
appliance on the AMP Threat Grid appliance:
appliance on the AMP Threat Grid appliance:
Complete instructions for the activation process are available in the AMP Threat Grid documentation.
a.
Note the File Analysis Client ID that appears at the bottom of the section.
b.
Sign in to the AMP Threat Grid appliance.
c.
Select Welcome... > Manage Users.
d.
Locate the "user" account based on the File Analysis Client ID of your Web Security appliance.
e.
Activate this "user" account for your appliance.
(Public Cloud File Analysis Services Only) Configuring Appliance Groups
In order to allow all content security appliances in your organization to view file analysis result details
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
in the cloud for files sent for analysis from any appliance in your organization, you need to join all
appliances to the same appliance group.
Step 1
Select Security Services > Anti-Malware and Reputation .
Step 2
In the Appliance Grouping for File Analysis Cloud Reporting section, enter the File Analysis Cloud
Reporting Group ID.
Reporting Group ID.
•
If you enter the Group ID incorrectly or need to change it for any other reason, you must open a case
with Cisco TAC.
with Cisco TAC.
•
This change takes effect immediately; it does not require a Commit.
•
This value must be identical on all appliances that will share data about files that are uploaded for
analysis.
analysis.
•
It is suggested to use your CCOID for this value. However, this entry is not validated for accuracy.
•
This value is case-sensitive.
Option
Description
File Analysis
Server URL
Server URL
Select Private cloud.
Server
URL of the on-premises Cisco AMP Threat Grid Appliance. Use the hostname, not the
IP address, for this value and for the certificate.
IP address, for this value and for the certificate.
Certificate
Do one of the following:
•
Select the Cisco default certificate authority.
•
Upload a self-signed certificate that you have generated from your on-premises
Cisco AMP Threat Grid Appliance.
Cisco AMP Threat Grid Appliance.
The most recently uploaded self-signed certificate is used. It is not possible to
access a certificate uploaded prior to the most recent certificate; if needed, upload
the desired certificate again.
access a certificate uploaded prior to the most recent certificate; if needed, upload
the desired certificate again.