Solved: Re: AMP and selfservice

elliottbujan6396 · ‎10-22-2018

Is there a way to offer our users a self service facility to upload and analyze their files? Do they have to contact us everytime they have / receive a suspicious file or attachment?

thx

brmcmaho · ‎10-22-2018

(Note: I'm assuming that, when you say "upload and analyze", you're talking about the Threat Grid integration in AMP that provides file analysis. If I'm wrong about that, please correct me.)

There is no self-service analysis built in to AMP at the moment. Considering that every customer has a limited number of file submissions within a 24-hour period, I'm not sure that most people would want one. It seems like it would be all too easy for one "enthusiastic" user to burn your organization's entire submission quota with files that aren't all that interesting to look at.

Having said that, if you do need to build a facility like this, you could probably build something like that using the Threat Grid API, although that would require a full Threat Grid subscription, beyond the integration that's included in AMP.

View solution in original post

brmcmaho · ‎10-24-2018

The exact number is going to depend on how and when your AMP account was set up; current policy (for new customers) is 200 samples per day per organization. Older accounts may be grandfathered in to the previous TG licensing model, which was based on the side of your AMP seat license and/or appliance models.

You can confirm your settings in the AMP console by going to Accounts > Business, and checking under Cisco Threat Grid API. It will tell you how many sample submissions per day you have on your account, and how many submissions are currently available.

View solution in original post

brmcmaho · ‎10-22-2018

(Note: I'm assuming that, when you say "upload and analyze", you're talking about the Threat Grid integration in AMP that provides file analysis. If I'm wrong about that, please correct me.)

There is no self-service analysis built in to AMP at the moment. Considering that every customer has a limited number of file submissions within a 24-hour period, I'm not sure that most people would want one. It seems like it would be all too easy for one "enthusiastic" user to burn your organization's entire submission quota with files that aren't all that interesting to look at.

Having said that, if you do need to build a facility like this, you could probably build something like that using the Threat Grid API, although that would require a full Threat Grid subscription, beyond the integration that's included in AMP.

elliottbujan6396 · ‎10-22-2018

thanks brmcmacho

submission quota?

brmcmaho · ‎10-24-2018

The exact number is going to depend on how and when your AMP account was set up; current policy (for new customers) is 200 samples per day per organization. Older accounts may be grandfathered in to the previous TG licensing model, which was based on the side of your AMP seat license and/or appliance models.

You can confirm your settings in the AMP console by going to Accounts > Business, and checking under Cisco Threat Grid API. It will tell you how many sample submissions per day you have on your account, and how many submissions are currently available.