03-30-2019 06:56 PM
Hi Sirs:
If I want to back up the AMP connector and Threat Grid Application database or events, what can I do for this?
Does it have a database? Could you provide me any recommendation?
04-01-2019 01:21 AM
Hello Peter,
It depends on whether that is regarding AMP/TG on premise or in the cloud.
a) on premise:
Virtual AMP Private Cloud:
https://docs.amp.cisco.com/FireAMPPrivateCloudUserGuide-latest.pdf#G5.3405286
https://docs.amp.cisco.com/FireAMPPrivateCloudUserGuide-latest.pdf#G6.3405179
Threat Grid Appliance:
https://www.cisco.com/c/dam/en/us/td/docs/security/amp_threatgrid/backup-faq-2-2-4.pdf
b) cloud:
There is no option to make a backup; that data is securely stored in Cisco data centers. However, while events in the AMP cloud are stored for 30 days, you can always configure your own SIEM to retrieve events using the API and store them as long as needed.
For example, there is an A4E add-on in Splunk:
https://splunkbase.splunk.com/app/3670/
There is also an add-on for Threat Grid:
https://splunkbase.splunk.com/app/4251/
Hope that helps
Wojciech
04-01-2019 07:34 AM
Hi Wojciech Cecot:
If I follow your procedures to back it up, what kind of data can I back up?
1. Configuration?
2. Events?
04-01-2019 11:15 AM - edited 04-01-2019 11:17 AM
Backup of vPC includes mainly:
---configuration,
---events,
---certificates.
Backup of TG includes mainly:
---samples,
---analysis results,
---databases (including users and organizations),
---configuration done within the Face or Mask portal UI.
Regards,
Wojciech