Cisco Cognitive Threat Analytics (CTA) will be migrated to a new location, which results in new URLs and IP addresses for access and use of the service.
In order to help ensure future flexibility and performance, Cisco CTA will be migrated to the Amazon Web Services (AWS) Cloud.
The migration will take place in two phases:
The first phase covers the migration of the CTA Landing Page, CTA Portal, API Services, and Trusted Automated eXchange of Indicator Information (TAXII) service.
The second phase covers the migration of the data ingest services.
This document covers the changes related to the first phase of the migration only. A subsequent document that covers the second phase of the migration will be published at a later date.
The switchover is scheduled to take place on Monday, August 20, 2018, 7:00 - 9:00 a.m. CEST (Sunday, August 19 10:00 p.m. - midnight Pacific).
The switchover requires a two-hour maintenance window to resync data from the old data center to the AWS data center. During this window, the CTA user interface, Structured Threat Information eXpression (STIX)/TAXII services, and integration services will be unavailable. Data ingest will continue to accept customer telemetry, but no new devices can be provisioned during the maintenance break.
In the process of the migration, we are not replicating the incident database from the legacy data center to the new location. Instead, the system will migrate only anomalous traffic within the look-back period of 45 days and will independently derive new incidents in the target AWS environment. As a result, the visible history of your incidents is limited to only 45 days of anomalous traffic. Also, there might be slight differences in the incident detail, due to the probabilistic nature of the detection engine.
As a consequence of the migration, you might need to make changes in order to keep using the service unaffected. Failure to make the needed changes will not result in loss of data analytics, but might result in loss of access to the CTA portal, and might stop the import into your security information and event management (SIEM) solution, should you use one.
The current URLs will stay unchanged but point to new IP addresses after migration. In order to continue to use the service after the completed switchover, you should make these changes:
If you have access control lists (ACLs) in place in your firewall that limit outbound access, and these ACLs are IP address-based, you must add the new IP addresses/ranges. Allow both AWS Elastic IP (EIP) addresses and Cisco IP addresses listed in the table.
If you use the API offered by Cisco CTA to export your security data into your own SIEM solution, and you reference Cisco's API by IP address and not by URL, Cisco recommends that you change your setting in your SIEM solution to use the URL. If you cannot use the URL in your SIEM solution, you can change your settings to point to one of the IP addresses, but in that case, Cisco cannot guarantee the service availability. If you need the service to always be available, you need to use the URL, as high availability will be implemented with Domain Name System (DNS).
Refer to the tables for the new as well as the current URLs and IP addresses.
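One way to check both action items before the switchover, shown as an added example that is not Cisco's code: it reports which required addresses your outbound ACL does not yet cover and which SIEM endpoints are configured by IP address instead of by URL hostname. Every address and URL below is a constructed placeholder from documentation ranges; substitute the values from Cisco's tables and your own configuration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed placeholders (RFC 5737 documentation ranges), NOT Cisco's real values.
ACL_ALLOWED = ["192.0.2.0/24", "198.51.100.10/32"]          # current outbound ACL
NEW_SERVICE_ADDRS = ["192.0.2.15", "198.51.100.10",
                     "203.0.113.7", "203.0.113.64/28"]       # from the vendor tables
SIEM_ENDPOINTS = ["https://taxii.example.invalid/service",   # hypothetical URLs
                  "https://192.0.2.15/api"]


def endpoint_uses_ip_literal(url):
    """True when the endpoint host is an IP address rather than a DNS name."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in endpoint: {url!r}")
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def uncovered_addresses(acl_entries, required):
    """Return required addresses/ranges not fully contained in any ACL entry."""
    allowed = [ipaddress.ip_network(e, strict=False) for e in acl_entries]
    missing = []
    for item in required:
        net = ipaddress.ip_network(item, strict=False)
        # A range only partly inside an ACL entry still counts as missing.
        if not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            missing.append(item)
    return missing


if __name__ == "__main__":
    for addr in uncovered_addresses(ACL_ALLOWED, NEW_SERVICE_ADDRS):
        print(f"ACL gap: add outbound permit for {addr}")
    for url in SIEM_ENDPOINTS:
        if endpoint_uses_ip_literal(url):
            print(f"SIEM endpoint pinned to an IP, switch to the URL: {url}")
```

An endpoint flagged by the second check keeps working only while that single address is reachable, which is why the notice ties availability to the DNS name.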