Cisco AMP Threat Grid
This document explains how to set up and use Cisco AMP Threat Grid with TruSTAR Station.
Cisco Threat Grid combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.
- Time to Install: 10 minutes
- Type of Feed: Automatic updates
- Update Frequency: 15 minutes
- Intel Type: Premium Feed
The integration pulls these observables from Cisco Threat Grid:
- URL (Domains are extracted from URL)
- Subscription to Cisco AMP Threat Grid
- Cisco AMP Threat Grid API key.
- Log into TruSTAR Station.
- Click the Marketplace icon on the left side menu.
- Choose Closed Sources.
- Click Subscribe on the Cisco Amp Threat Grid Analysis Feeds box.
- Enter your API key and then click Save Credentials & Request Subscription.
TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.
TruSTAR Report Mapping
IP <IOC Value> Example: IP 126.96.36.199
Encoded value of (IP <IOC Value>) Example: IP 188.8.131.52
Entire JSON content received from Cisco Threat Grid
Timestamp (Example: 2018-01-18T01:35:17Z)
As per workflow logic (use severity score)
No reported issues.