Question
What are the "qualifying products" that entitle me to access to Cisco Threat Response?
Answer
Here is the current list:
AMP for Endpoints (Public Cloud only)
Threat Grid (Public Cloud portal licenses only)
Umbrella (Insights or Platform license)
Firepower devices (Firepower software v6.3 or higher)
ESA (SMA-managed, v12.0 or higher)
... View more
Question
Where can I find out how to integrate my Cisco products with Threat Response?
Answer
There are quick start guides and instructional videos to help you get set up with your Cisco products and the Cisco Threat Response platform.
Quick Start Guides:
https://cs.co/ctr_umbrella
https://cs.co/email_security
https://cisco.com/go/firepower-ctr-integration-docs
Videos:
https://cs.co/ctr_configuration_guides
Modules covered in the playlist above:
AMP for Endpoints
Umbrella
... View more
Question
What is the largest amount of text or observables I can submit to Threat Response?
Answer
Threat Response investigations support text input of up to 2000 characters. This limit applies at the API level, so it is in effect for the investigate UI, the browser plugin(s), and any integration pivots. Longer text inputs may not result in proper or timely harvesting of all included observables, and are not supported. The relations graph is hard-limited to 200 nodes, including both investigated observables and returned enrichment items. Any more than that and the human eye and mind simply have trouble parsing the results. For that reason, and for performance reasons, we recommend no more than 50 observables be investigated at once.
... View more
The person above who said Windows 7 64bit and Windows 10, was correct. For documentation of this; it's not the prettiest answer possible, but the release notes document when various target operating systems were added or removed. https://www.cisco.com/c/dam/en/us/td/docs/security/amp_threatgrid/threat-grid-appliance-release-notes-v2-5.pdf
----------------
Version 2.0 Released 2/11/2016 [...] Windows 7 64-bit VMs are now supported. Version 2.3 Released 8/11/2017 Windows XP is removed, even from appliances where they were previously grandfathered in. Windows 7 is now 64-bit only. Version 2.5 Released 9/14/2018 [...] This is the first appliance release to include support for Windows 10.
----------------
Hope that helps.
... View more
Question
How can I get early access to beta features?
Answer
You can apply to join the Cisco Security Beta Program at this link: http://cs.co/security-beta-nomination Participants receive early access to new features and direct lines to engineering, in exchange for their candid insights and feedback on feature applicability and quality. Many of our top customers participate in this program, and have not only a head start on getting valuable upgrades, but also direct influence on product design as a result. .
... View more
Question
What are the capabilities of, and licensing requirements for, each of the current modules that integrate Cisco and third party products and threat intelligence into Cisco Threat Response?
Answer
Modules
License/Ver Required
Local Sightings
Dispositions, Judgements and Verdicts
Remediation
Reference
Incidents
Umbrella
Investigate API
“Platform” with “Investigate” add-on, or any other except “Professional”
IP and Domain
IP, URL, File hash & Domain
Enforcement API
"Essentials", "Advantage", or "Platform" license
Block Domains
Reporting API
Any
Domains
AMP for Endpoints
Public Cloud
IP, URL, File hash & Domain
Block Files
Isolate Hosts
IP, URL, File hash & Domain
AMP Global Intelligence
N/A
IP, URL, File hash & Domain
AMP File Reputation
N/A
File hash
Threat Grid
Public Cloud
IP, URL, File hash & Domain
Talos
N/A
IP, URL, File hash & Domain
IP, URL, File hash & Domain
VirusTotal
VirusTotal account (free)
IP, URL, File hash & Domain
SMA/CES/ESA
v12.0+
+AMP license to see attachment hashes
Email Sender
Email Subject
Message ID
Attachment file name
Attachment file hash
Firepower Devices
v6.3+
IPs (from Intrusion Events)
IPS Alerts
... View more
.jpg "VIP Advisor"){kind=icon}
