topic Re: AMP and selfservice in Endpoint Security

AMP and selfservice

elliottbujan6396 — Fri, 21 Feb 2020 05:06:41 GMT

Is there a way to offer our users a self service facility to upload and analyze their files? Do they have to contact us everytime they have / receive a suspicious file or attachment?

thx

Re: AMP and selfservice

brmcmaho — Mon, 22 Oct 2018 18:04:00 GMT

(Note: I'm assuming that, when you say "upload and analyze", you're talking about the Threat Grid integration in AMP that provides file analysis. If I'm wrong about that, please correct me.)

There is no self-service analysis built in to AMP at the moment. Considering that every customer has a limited number of file submissions within a 24-hour period, I'm not sure that most people would want one. It seems like it would be all too easy for one "enthusiastic" user to burn your organization's entire submission quota with files that aren't all that interesting to look at.

Having said that, if you do need to build a facility like this, you could probably build something like that using the Threat Grid API, although that would require a full Threat Grid subscription, beyond the integration that's included in AMP.

Re: AMP and selfservice

elliottbujan6396 — Mon, 22 Oct 2018 21:42:51 GMT

thanks brmcmacho

submission quota?

Re: AMP and selfservice

brmcmaho — Wed, 24 Oct 2018 20:59:00 GMT

The exact number is going to depend on how and when your AMP account was set up; current policy (for new customers) is 200 samples per day per organization. Older accounts may be grandfathered in to the previous TG licensing model, which was based on the side of your AMP seat license and/or appliance models.

You can confirm your settings in the AMP console by going to Accounts > Business, and checking under Cisco Threat Grid API. It will tell you how many sample submissions per day you have on your account, and how many submissions are currently available.