Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Threat Grid's File Analysis Client ID on Content Security Appliances (ESA, SMA, WSA) and DC/FMC

Available Languages

Download Options

  • PDF     (350.6 KB)
    View with Adobe Reader on a variety of devices
  • ePub     (354.8 KB)
    View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
  • Mobi (Kindle)     (301.9 KB)
    View on Kindle device or Kindle app on multiple devices
Updated:January 18, 2021
Document ID:213667

    Introduction

    This document describes how to find or construct the 65 character Threat Grid's File Analysis Client ID associated with Cisco Content Security Appliances, Email Security Appliance (ESA), Security Management Appliance (SMA), and Web Security Appliance (WSA), or from Cisco Defense Center (DC) or FirePower Management Center (FMC).

    File Analysis Client ID on Content Security Appliances

    ESA GUI

    1. Security Services > File Reputation and Analysis
    2. Click Edit Global Settingsā€¦
    3. Expand Advanced Settings for File Analysis

    The File Analysis Client ID is listed here.

    vESA running AsyncOS 10.0.0-203 for Email Security example:

    Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.

    The File Analysis Client ID is based on the following 65 character string format:

    Value  Explanation
    01_ ESA
    VLNESAXXXYYY_

    If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense).  If this is a hardware appliance, there is no field.
    SERIAL_

    This will be the FULL serial of the appliance (which is found from CLI with version).
    CX00V_

    This is the model of appliance (again, from from version on the CLI).  This will again vary, if it is a virtual appliance vs. hardware appliance.
    00000000 Trailing zeros.  These will vary, based on the previous fields, in order to finish out the field of 65 characters.

    SMA GUI

    1. Centralized Management > Security Appliances

    In the bottom section, File Analysis, the File Analysis Client ID is listed here.

    vSMA running AsyncOS 9.6.0-051 for Security Management example:

    Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.

    The File Analysis Client ID is based on the following 65 character string format:

    Value  Explanation
    06_

    SMA
    VLNSMAXXXYYY_

    If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense).  If this is a hardware appliance, there is no field.
    SERIAL_

    This will be the FULL serial of the appliance (which is found from CLI with version).
    MX00V_

    This is the model of appliance (again, from from version on the CLI).  This will again vary, if it is a virtual appliance vs. hardware appliance.
    000000

    Trailing zeros.  These will vary, based on the previous fields, in order to finish out the field of 65 characters.

    WSA GUI

    1. Security Services > Anti-Malware and Reputation
    2. Click Edit Global Settingsā€¦
    3. In the Advanced Malware and Protection Services section, expand Advanced
    4. Expand the Advanced Settings for File Analysis

    The File Analysis Client ID is listed here.

    WSA running AsyncOS 9.1.1-041 for Web Security example:

    Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.

    The File Analysis Client ID is based on the following 65 character string format:

    Value  Explanation
    02_ WSA
    VLNWSAXXXYYY_

    If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense).  If this is a hardware appliance, there is no field.
    SERIAL_

    This will be the FULL serial of the appliance (which is found from CLI with version).
    SX00V_

    This is the model of appliance (again, from from version on the CLI).  This will again vary, if it is a virtual appliance vs. hardware appliance.
    000000 Trailing zeros.  These will vary, based on the previous fields, in order to finish out the field of 65 characters.

    FMC/DC GUI

    To get API Key (File Analysis ID) for FMC/DC, from the CLI run:

    perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"

    Note: On some hardware there are multiple installations of Perl.  Running the default installation of Perl may not execute the command correctly.  If there are seen output errors, specify the following, direct path when calling Perl: /ngfw/usr/bin/perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"

    1. Navigate to AMP >Dynamic Analysis Connections
    2. On the right side of the menu item panacea.threatgrid.com click on the Associate Icon.
    3. A pop-up will appear, click Yes to complete the association.
    4. Verify on the end of the URL the File Analysis Client ID. The ID begins after the devices%3D to the end of the URL.

     Example:

    1.  Navigating Menu

     2. Associating the FMC 

    3. Confirming Association

    4. Verifying the File Analysis Client ID

    How to use Client ID in the Threat Grid Cloud

    The Client ID can then be searched in the Threat Grid to find samples submitted by the device.

    1. Log in to the Threat Grid portal (e.g. https://panacea.threatgrid.com) with your org-admin account.

    2. Navigate to Administration > Manage Users.

    3. Paste your Client ID in the Filter field and press Return.

    Tip: If you cannot find your device on the list, check search filters.

    4. If the device has access to the cloud, you can expect it to appear on the list.

    5. When you click the Login of the device, details will appear with the samples list.

    Related Information

    TAC Authored

    Contributed by Cisco Engineers

    • Robert Sherwin
      Cisco Technical Marketing Engineer

    Was this Document Helpful?

    FeedbackFeedback

    Contact Cisco

    Related Cisco Community Discussions

    This Document Applies to These Products

    About Us
    Contact Us
    Work with Us