File Analysis Client ID on Content Security Appliances (ESA, SMA, WSA) and DC/FMC
Available Languages
Contents
Introduction
This document describes how to find or construct the 65 character File Analysis Client ID associated with Cisco Content Security Appliances, Email Security Appliance (ESA), Security Management Appliance (SMA), and Web Security Appliance (WSA), or from Cisco Defense Center (DC) or FirePower Management Center (FMC).
File Analysis Client ID on Content Security Appliances
ESA GUI
- Security Services > File Reputation and Analysis
- Click Edit Global Settingsā¦
- Expand Advanced Settings for File Analysis
The File Analysis Client ID is listed here.
vESA running AsyncOS 10.0.0-203 for Email Security example:
The File Analysis Client ID is based on the following 65 character string format:
| Value | Explanation |
| 01_ | ESA |
| VLNESAXXXYYY_ |
If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field. |
| SERIAL_ |
This will be the FULL serial of the appliance (which is found from CLI with version). |
| CX00V_ |
This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance. |
| 00000000 | Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters. |
SMA GUI
- Centralized Management > Security Appliances
In the bottom section, File Analysis, the File Analysis Client ID is listed here.
vSMA running AsyncOS 9.6.0-051 for Security Management example:
The File Analysis Client ID is based on the following 65 character string format:
| Value | Explanation |
| 06_ | SMA |
| VLNSMAXXXYYY_ |
If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field. |
| SERIAL_ |
This will be the FULL serial of the appliance (which is found from CLI with version). |
| MX00V_ |
This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance. |
| 000000 | Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters. |
WSA GUI
- Security Services > Anti-Malware and Reputation
- Click Edit Global Settingsā¦
- In the Advanced Malware and Protection Services section, expand Advanced
- Expand the Advanced Settings for File Analysis
The File Analysis Client ID is listed here.
WSA running AsyncOS 9.1.1-041 for Web Security example:
The File Analysis Client ID is based on the following 65 character string format:
| Value | Explanation |
| 02_ | WSA |
| VLNWSAXXXYYY_ |
If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field. |
| SERIAL_ |
This will be the FULL serial of the appliance (which is found from CLI with version). |
| SX00V_ |
This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance. |
| 000000 | Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters. |
FMC/DC GUI
To get API Key (File Analysis ID) for FMC/DC, from the CLI run:
perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"
- Navigate to AMP >Dynamic Analysis Connections
- On the right side of the menu item panacea.threatgrid.com click on the Associate Icon.
- A pop-up will appear, click Yes to complete the association.
- Verify on the end of the URL the File Analysis Client ID. The ID begins after the devices%3D to the end of the URL.
Example:
1. Navigating Menu
2. Associating the FMC
3. Confirming Association
4. Verifying the File Analysis Client ID
Related Information
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)