Hi, Enabling the File reputation but not the File analysis would make the ironport to upload all the files to the cloud?
On the documentation it says enabling the file analysis makes the devide upload the file for further inspection but I'd like to know if disabling the file analysis would not upload any file to the amp cloud. On the logs (tail amp) I can see the lines ending with 'upload_action = 1'
File reputation alone would not upload files to the cloud for analysis.
There is a reputation keep alive file amp_watchdog.txt which would still appear in the amp logs with upload-action = 1. However I do not suspect other attachments for emails to be uploaded for analsyis with file analysis turned off.
To add on to what Libin has already stated, it is correct that you'll not be uploading files for File Analysis (ThreatGrid) while that feature is disabled. At that point, the only way you'll be receiving information about Malicious files is if the file is already known to the File Reputation servers when scanned, or if you receive a Retrospective Verdict back about a file that was originally identified as Clean/Unknown and we now know it to be Malicious.
We do have on-premise ThreatGrid appliances available if your concern is regarding uploading files to the cloud.
When I log into SecureX, I'm given an option to Sign in with MIcrosoft. What information is shared from my profile with Cisco?
1. If you signed in with your work email, the information shared from your profile is controlled by your or...
Stealthwatch Enterprise can be leveraged to monitor vulnerable devices, and alert on potential exploitation by bad actors looking to exploit Ripple20 and other potential vulnerabilities.
Note that the concepts and procedures outlined here can be used for...
The following is useful to those entities interested in monitoring appropriate usage of Cisco WebEx resources within their environments, as well as those interested in tracking additional metrics around usage of the WebEx service.
The relevant supporting...
I'm using AMP, and when I activated the SecureX Ribbon, I mistakenly used the wrong account to connect to SecureX. Now my SecureX Ribbon is connected to the wrong account. How do I fix it?
You can clear the SecureX Authorizatio...
I'm using Umbrella, and when I activated the Ribbon, I mistakenly used the wrong account to connect to SecureX. Now my SecureX Ribbon is connected to the wrong account. How do I fix it?
You can clear the SecureX Authorization for t...