
AMP File Analysis service (ThreatGrid Cloud)

Pravar
Level 1

Hi, we are using ESA along with AMP File Reputation and File Analysis with ThreatGrid Cloud for incoming mails only. We noticed that the bounce-back "Undeliverable" emails with attachments are also scanned by AMP. Is it really required and normal behaviour? Also, we are getting the following error message.

"The attachment could not be uploaded to the File Analysis server because the appliance exceeded the upload limit"

Understand that the number of files sent for analysis by an appliance from ESA. How do we check the number of files sent by an appliance for analysis in 24 hours exactly?

Thanks in advance,

 


Libin Varghese
Cisco Employee

Hi,

 

AMP would attempt to scan all emails, even NDRs. However, you can certainly bypass the AMP check based on your requirement.

 

You can review the approximate number of files uploaded for analysis using the AMP logs from the CLI.

grep "Dec 20.*File uploaded for analysis" amp -c
grep "Dec 21.*File uploaded for analysis" amp -c
etc

 

You can also review the AMP reports available under the Monitor tab.

 

Regards

Libin Varghese
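
The grep commands in the reply above count uploads per calendar date. The following Python script is an added example, not part of the original replies and not Cisco code: run over an exported copy of the amp log, it reproduces the per-date counts and also reports the busiest rolling 24-hour window. The timestamp layout, the year and the sample lines are assumptions constructed for illustration; only the "File uploaded for analysis" string comes from the thread.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Assumed line layout (not confirmed by the thread): "Thu Dec 20 09:15:02 2018 Info: ..."
STAMP = re.compile(r"^\w{3} (\w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) ")
MARKER = "File uploaded for analysis"  # string used in the grep commands above

# Constructed sample lines, not taken from a real appliance.
SAMPLE_LOG = """\
Thu Dec 20 09:15:02 2018 Info: File uploaded for analysis. (constructed)
Thu Dec 20 23:40:10 2018 Info: File uploaded for analysis. (constructed)
Thu Dec 20 23:41:00 2018 Info: some other AMP event (constructed)
Fri Dec 21 08:05:44 2018 Info: File uploaded for analysis. (constructed)
Fri Dec 21 23:50:00 2018 Info: File uploaded for analysis. (constructed)
"""

def upload_times(lines):
    """Yield a datetime for every log line that records an upload."""
    for line in lines:
        m = STAMP.match(line)
        if m and MARKER in line:
            yield datetime.strptime(" ".join(m.group(1).split()), "%b %d %H:%M:%S %Y")

def per_day(times):
    """Uploads per calendar date: what each grep -c above reports."""
    return Counter(t.date().isoformat() for t in times)

def busiest_24h(times):
    """Largest number of uploads inside any rolling 24-hour window."""
    window, best = deque(), 0
    for t in sorted(times):
        window.append(t)
        while t - window[0] >= timedelta(hours=24):
            window.popleft()  # drop uploads that are 24 hours or more older than t
        best = max(best, len(window))
    return best

if __name__ == "__main__":
    times = list(upload_times(SAMPLE_LOG.splitlines()))
    print("per calendar date:", dict(per_day(times)))
    print("busiest rolling 24 h:", busiest_24h(times))
```

On the constructed sample, each date shows two uploads while one 24-hour window spanning midnight contains three, so the two ways of counting can disagree.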

Thanks Libin. This is really handy. However, we are still receiving the alert message, though the appliance shows far fewer than the limit of 500 for the C670 appliance.

You may want to open a TAC case to get that checked if the number of files uploaded is fairly low and the upload limit is still being reached.

TAC would probably need remote access to the appliance to review the backend AMP logs.

 

Regards,

Libin Varghese