cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
950
Views
5
Helpful
3
Replies

Are Threatgrid submissons from FTD private?

mikemayou
Beginner
Beginner

When manually submitting files for analysis in Threat Grid you can opt to have them Private or Public. Are those submitted by the automatically from the FTD private or public or is this a setting one can choose?  The worry is that company sensitive information might be submitted. 

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

ThreatGrid file submissions are indeed the entire file. As you noted, it's the nature of the sandbox to launch the file and analyze the behavior. If your submissions use the "public option" the file signatures are subsequently used to populate the AMP/ThreatGrid databases for other customers' file submissions to be compared against. In no case are your files shared with anyone outside your organization.

If that level of security isn't sufficient, ThreatGrid can be purchased as an on-premise appliance. In that sort of setup, the appliance itself does all of the sandboxing and returns the disposition to you alone. the file never leaves your premises - even to go to your tenant instance in Cisco's cloud (as it would with the traditional ThreatGrid SaaS model) because there is no cloud-based component.

View solution in original post

3 Replies 3

balaji.bandi
VIP Community Legend VIP Community Legend
VIP Community Legend

it only submit the signatures - not the content.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I thought that Threat Grid was the sandbox. We use Cisco Email Security and have the ability to sandbox files with Threat Grid and receive a report/interact with urls etc. This is not signature based. Is it not the same?


Marvin Rhoads
VIP Community Legend VIP Community Legend
VIP Community Legend

ThreatGrid file submissions are indeed the entire file. As you noted, it's the nature of the sandbox to launch the file and analyze the behavior. If your submissions use the "public option" the file signatures are subsequently used to populate the AMP/ThreatGrid databases for other customers' file submissions to be compared against. In no case are your files shared with anyone outside your organization.

If that level of security isn't sufficient, ThreatGrid can be purchased as an on-premise appliance. In that sort of setup, the appliance itself does all of the sandboxing and returns the disposition to you alone. the file never leaves your premises - even to go to your tenant instance in Cisco's cloud (as it would with the traditional ThreatGrid SaaS model) because there is no cloud-based component.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers