Cisco AMP Threat Grid Appliance Setup and Configuration Guide

INTRODUCTION

A Cisco AMP Threat Grid Appliance provides safe and highly secure on-premises advanced malware analysis, with deep threat analytics and content. Threat Grid Appliances provide the complete Threat Grid malware analysis platform, installed on a single UCS server (UCS C220-M3 or C220 M4). They enable organizations operating under various compliance and policy restrictions to submit malware samples to the appliance.

Many organizations that handle sensitive data, such as banks and health services, must follow regulatory rules and guidelines that do not allow certain types of files, such as malware artifacts, to be sent outside of the network for malware analysis. By maintaining a Cisco AMP Threat Grid Appliance on-premises, organizations are able to send suspicious documents and files to it to be analyzed without leaving the network.

With an AMP Threat Grid Appliance, security teams can analyze all samples using proprietary and highly secure static and dynamic analysis techniques. The appliance correlates the analysis results with hundreds of millions of previously analyzed malware artifacts to provide a global view of malware attacks and campaigns, and their distributions. A single sample of observed activity and characteristics can quickly be correlated against millions of other samples to fully understand its behaviors within a historical and global context. This ability helps security teams to effectively defend the organization against threats and attacks from advanced malware.

Who This Guide Is For

Before a new appliance can be used for malware analysis, it must be set up and configured for the organization's network. This guide is for the security team IT staff tasked with setting up and configuring a new Threat Grid Appliance.

This document describes how to complete the initial setup and configuration for a new Threat Grid Appliance, up to the point where malware samples can be submitted to it for analysis.

For more information, please see the Cisco AMP Threat Grid Appliance Administrator's Guide, which can be found on the Install and Upgrade page on Cisco.com.

Release Notes

For detailed update information, see the Release Notes, which may be found in the OpAdmin Portal:
Operations menu > Update Appliance

Formatted PDF versions of the Threat Grid Appliance Release Notes are also available online with the other Threat Grid Appliance documentation:
http://www.cisco.com/c/en/us/support/security/amp-threat-grid-appliances/products-installation-guides-list.html

Version Lookup Table

For a list of Threat Grid Appliance release information, see the Threat Grid Appliance Administrator's Guide section Installing Updates.

Note: To view the release notes for the Threat Grid Portal UI, click Help in the UI's navigation bar.
