12-28-2023 05:42 AM
We wanted to integrate our IBM SOAR with Cisco Threat Grid and it requested for an API key. From where we can get the key and also does we need license to integrate with Cisco Threat Grid?
12-28-2023 05:51 AM
12-28-2023 06:05 AM
Note that you might need to import the certificates from TGA into the IBM SOAR platform, and documentation around TGA is not that much outside of the current Admin guide here https://www.cisco.com/c/en/us/td/docs/security/threat_grid/admin-guide/v2-17/b_threat-grid-admin-guide.html
Steps to integrate with the API:
Log in to the Opadmin (Admin) interface of the Malware Analytics Appliance.
Navigate to Configuration > Integrations.
Configure the TGA with the API Access Tokens.
Once configured click Save and then click reconfigure.
Use RASH to the customer appliance to perform
systemctl --no-block restart tg-supervisor
12-28-2023 06:12 AM
@Ruben Cocheno thank you for the response. Normally we don't have a Cisco Threat Grid appliance, we were just trying to integrate with the Cisco Talos site Threat Grid. There are free threat intelligence sites. I was also wondering if this Cisco Threat Intelligence is free online.
12-28-2023 06:50 AM
Guys I was asked by the security team to confirm them. Normally we have a cisco asa firewall with an IPS license and a cisco web security appliance. but I don't if these licenses are enough to integreate with cisco talos. Please help me understand the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide