Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
748
Views
0
Helpful
1
Replies

Private file tag for files send by ESA AMP to Threat Grid

jerryv
Level 1
Level 1

‎04-23-2025 03:27 AM

Hi, based on the following document there are two file tags that can be applied to a file when send to Threat Grid:

- Non Confidential

- Private

https://www.cisco.com/c/dam/en_us/about/doing_business/legal/OfferDescriptions/Omnibus_Cloud_Security_OD.pdf

Which tag is used when ESA sends file to AMP cloud for analysis, anyone knows?

 

Labels:
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎04-23-2025 07:37 AM

I'm not sure what tag is set in the API call, and trying to get a packet capture of that might be an adventure...
BUT, you can set it from the Secure Malware Analytics/ThreatGrid (TG) side.
You are entitled to a "Device Management" account, that lets you see what's getting send to TG from your devices. Check with your Cybersecurity Sales person.
Once you have that, open a TG TAC case and have your ESAs/WSAs/SMAs (CES included!) added to that account... they'll want your TG Organization name and your login id, and the "File Analysis Client ID" from your appliances.
They show up as users in the TG console, and you can set how their files are treated, public vs. private.
0 Helpful
Customers Also Viewed These Support Documents