Cisco AMP Threat Grid Analysis

Updated 2 months ago by TruSTAR

This document explains how to set up the Cisco Threat Grid Analysis premium intelligence source in the TruSTAR platform.

Cisco Threat Grid Analysis combines advanced sandboxing with threat intelligence into one unified solution to protect organizations from malware.

  • Source Type: Premium Intel
  • Update Type: Feed-based
  • Update Frequency: 15 minutes
  • Parser: Yes
  • Time to Install: 10 minutes

Observables Supported

  • IP
  • Domain
  • URL (Domains are extracted from URL)
  • SHA256
  • SHA1
  • MD5
  • REGISTRY_KEY

Requirements

  • A license for Cisco Threat Grid.
  • Access to the Threat Grid portal to generate an API key.

TruSTAR Admin rights are required to activate this premium intelligence source.

Getting Started

  1. Log into the TruSTAR Web App.
  2. Click the Marketplace icon on the left side icon list.
  3. Choose Premium Intel.
  4. Click Subscribe on the Cisco Threat Grid Indicator Query box.
  5. Enter your Cisco API key and click Save Credentials & Request Subscription.

TruSTAR will validate the integration within 48 hours and send an email when the integration has been enabled.

Known Issues

No reported issues.

Please contact support@trustar.co if you have issues with this integration.

