Cisco AMP Threat Grid Indicator Query
This document explains how to set up the Cisco AMP Threat Grid Indicator Query premium intelligence source in the TruSTAR platform.
Cisco Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
- Source Type: Premium Intel
- Update Type: Query-based
- Parser: Yes
- Time to Install: 10 minutes
- URL indicators (domains are extracted from the URL)
- Subscription to Cisco AMP Threat Grid
- Cisco AMP Threat Grid API key
- Log into the TruSTAR Web App.
- Click the Marketplace icon on the left side menu.
- Choose Premium Intel.
- Click Subscribe on the Cisco AMP Threat Grid Analysis Feeds box.
- Enter your API key and then click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
The information retrieved from this intelligence source is stored in the Cisco AMP Threat Grid Enclave using the following mapping.
- Report Title: IP <IOC Value> Example:
- External ID: Encoded value of (IP <IOC Value>)
- Report Body: Entire JSON content received from Cisco Threat Grid
- Tags: As per workflow logic (use severity score)
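The mapping above describes how each query result becomes one TruSTAR report. The following is an added illustration, not TruSTAR's or Cisco's own code: it builds the report record from a constructed, trimmed Threat Grid indicator response. The page does not name the encoding used for the external ID or the severity thresholds behind the tag logic, so URL-safe base64 of the title and the threshold values below are assumptions; the field names `ioc`, `severity` and the sample response itself are constructed for the example.

```python
import base64
import json
from dataclasses import dataclass

# Constructed sample response (not real Threat Grid output); field names are assumed.
SAMPLE_RESPONSE = {
    "ioc": "203.0.113.7",
    "ioc_type": "ip",
    "severity": 85,
    "confidence": 90,
    "samples": ["<sample-sha256-placeholder>"],
}


@dataclass
class TruStarReport:
    """The four report fields listed in the mapping section."""
    title: str
    external_id: str
    body: str
    tags: list


def make_title(ioc_value: str) -> str:
    # Report Title is "IP <IOC Value>".
    return f"IP {ioc_value}"


def encode_external_id(title: str) -> str:
    # External ID is an "encoded value" of the title; the page does not say which
    # encoding, so URL-safe base64 is assumed. Deriving the ID from the title keeps
    # ingestion idempotent: re-querying the same IP updates one report instead of
    # creating duplicates in the enclave.
    return base64.urlsafe_b64encode(title.encode("utf-8")).decode("ascii")


def decode_external_id(external_id: str) -> str:
    # Inverse of encode_external_id, used to check the round trip.
    return base64.urlsafe_b64decode(external_id.encode("ascii")).decode("utf-8")


def severity_tags(severity) -> list:
    # Tags follow "workflow logic (use severity score)". The thresholds here are an
    # assumption for illustration; a missing or malformed score is tagged explicitly
    # rather than silently treated as low.
    if not isinstance(severity, (int, float)):
        return ["severity:unknown"]
    if severity >= 80:
        return ["severity:high"]
    if severity >= 50:
        return ["severity:medium"]
    return ["severity:low"]


def build_report(response: dict) -> TruStarReport:
    """Map one Threat Grid indicator-query result to a TruSTAR report."""
    ioc_value = response["ioc"]
    title = make_title(ioc_value)
    return TruStarReport(
        title=title,
        external_id=encode_external_id(title),
        # Report Body is the entire JSON content received, stored verbatim.
        body=json.dumps(response, sort_keys=True),
        tags=severity_tags(response.get("severity")),
    )


if __name__ == "__main__":
    report = build_report(SAMPLE_RESPONSE)
    print(report.title, report.external_id, report.tags)
```

Because the body is the unmodified JSON, a downstream analyst can always recover the original Threat Grid fields, while the title and external ID give the enclave a stable key for the indicator.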
No reported issues.