Backup event file of AMP connector / Threat Grid application

peter.peng
Level 1

Hi Sirs:

If I want to back up the AMP connector and Threat Grid application database or events, what can I do?

Does it have a database? Could you provide me any recommendation?

Wojciech Cecot
Cisco Employee

Hello Peter,

It depends on whether this is about AMP/TG on premise or in the cloud.

a) on premise:

Virtual AMP Private Cloud:

https://docs.amp.cisco.com/FireAMPPrivateCloudUserGuide-latest.pdf#G5.3405286
https://docs.amp.cisco.com/FireAMPPrivateCloudUserGuide-latest.pdf#G6.3405179

Threat Grid Appliance:

https://www.cisco.com/c/dam/en/us/td/docs/security/amp_threatgrid/backup-faq-2-2-4.pdf

b) cloud:

There is no option to make a backup; that data is securely stored in Cisco data centers. However, while events in the AMP cloud are stored for 30 days, you can always configure your own SIEM to retrieve events using the API and store them as long as needed.

For example, there is the A4E add-on in Splunk:

https://splunkbase.splunk.com/app/3670/

There is also an add-on for Threat Grid:

https://splunkbase.splunk.com/app/4251/

Hope that helps

Wojciech
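
Added example, not part of the original reply or any Cisco tooling: a minimal sketch of the "retrieve events using API and store as long as needed" option from the reply above, appending events to a local JSONL archive so they outlive the 30-day cloud retention. The response layout (`data`, `metadata.links.next`, a per-event `id`), HTTP basic auth with an API client ID and key, and all function names are assumptions; the sample pages are constructed.

```python
import base64
import json
import os
import tempfile
import urllib.request

# Constructed sample pages imitating the assumed events response layout.
SAMPLE_PAGES = {
    "page1": {"metadata": {"links": {"next": "page2"}},
              "data": [{"id": 101, "event_type": "Threat Detected"},
                       {"id": 102, "event_type": "Threat Quarantined"}]},
    # Overlapping id 102 models a page boundary shifting between requests.
    "page2": {"metadata": {"links": {}},
              "data": [{"id": 102, "event_type": "Threat Quarantined"},
                       {"id": 103, "event_type": "Scan Completed"}]},
}

def load_seen_ids(path):
    """Return the event ids already stored in the JSONL archive."""
    if not os.path.exists(path):
        return set()
    with open(path, encoding="utf-8") as fh:
        return {json.loads(line)["id"] for line in fh if line.strip()}

def archive_events(fetch_page, first_url, path, max_pages=1000):
    """Follow metadata.links.next and append unseen events; return count written."""
    seen, visited, written, url = load_seen_ids(path), set(), 0, first_url
    with open(path, "a", encoding="utf-8") as fh:
        while url and url not in visited and len(visited) < max_pages:
            visited.add(url)  # guards against a next-link loop
            page = fetch_page(url)
            for event in page.get("data", []):
                if event["id"] not in seen:
                    fh.write(json.dumps(event, sort_keys=True) + "\n")
                    seen.add(event["id"])
                    written += 1
            url = page.get("metadata", {}).get("links", {}).get("next")
    return written

def http_fetch(client_id, api_key):
    """fetch_page for a live API (assumed basic auth); read credentials from the environment."""
    token = base64.b64encode(f"{client_id}:{api_key}".encode()).decode()
    def fetch(url):
        req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch

def demo():
    """Archive the constructed pages twice; the second run must add nothing."""
    path = os.path.join(tempfile.mkdtemp(), "amp_events.jsonl")
    return (archive_events(SAMPLE_PAGES.__getitem__, "page1", path),
            archive_events(SAMPLE_PAGES.__getitem__, "page1", path))
```

The archive file holds endpoint telemetry, so it needs the same access controls and retention policy as the SIEM it feeds.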


Hi Wojciech Cecot:

If I follow your procedures to back it up, what kind of data can I back up?

1. Configuration?

2. Event?


backup of vPC includes mainly:
---configuration,
---events,
---certificates.


backup of TG includes mainly:
---samples,
---analysis results,
---databases (including users and organizations),
---configuration done within the Face or Mask portal UI.


Regards,
Wojciech