10-18-2024 08:32 AM
Hello,
Does anyone know where I can find documentation that explains how to integrate AMP, ThreatGrid and the mail gateways all together?
Thank you!
10-18-2024 10:09 AM
10-18-2024 10:17 AM - edited 10-20-2024 12:46 AM
It's in the user guide, or online help.
https://www.cisco.com/c/en/us/td/docs/security/esa/esa15-0/user_guide/b_ESA_Admin_Guide_15-0/b_ESA_Admin_Guide_12_1_chapter_010001.html
Assuming you have an AMP account and a ThreatGrid account, and you know WHERE they are (US, APAC, EU):
1. In a browser, log in to your AMP account.
2. In a new browser tab, go to the GUI for your ESA, go to Security Services/File Reputation and Analysis, and click on Global Settings.
3. Click on/expand Advanced Settings for File Reputation:
* Pick the region your server is in and set proxy config as appropriate.
* Click on the "Register with Secure Endpoint" button.
* It will ask for confirmation to go to Secure Endpoint.
* In the Secure Endpoint console, you'll be asked to configure the new client being added. Allow it, and it will take you back to the ESA.
You'll now see the ESA as a client in your AMP console. You can add it to a group; it will get the "Network" policy, where you can set "Custom detections - Simple" and "Application - Allowed", your block and allow lists. If you have a cluster, you have to do this on each ESA.
For ThreatGrid, you set the File Analysis Server URL to the correct one, and set the proxy if you need it. Then open a ticket with Threat Grid, ask them to add your ESAs (and SMAs, WSAs) to your TG tenant, and include the File Analysis Client ID you see there as well as your login and Organization name from the Threat Grid Administration/Organization page.