Introduction
This document describes how to find or construct the 65 character Threat Grid's File Analysis Client ID associated with Cisco Content Security Appliances, Email Security Appliance (ESA), Security Management Appliance (SMA), and Web Security Appliance (WSA), or from Cisco Defense Center (DC) or FirePower Management Center (FMC).
File Analysis Client ID on Content Security Appliances
ESA GUI
- Security Services > File Reputation and Analysis
- Click Edit Global Settingsā¦
- Expand Advanced Settings for File Analysis
The File Analysis Client ID is listed here.
vESA running AsyncOS 10.0.0-203 for Email Security example:

Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.
The File Analysis Client ID is based on the following 65 character string format:
Value |
Explanation |
01_ |
ESA |
VLNESAXXXYYY_ |
If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field.
|
SERIAL_ |
This will be the FULL serial of the appliance (which is found from CLI with version).
|
CX00V_ |
This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance.
|
00000000 |
Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters. |
SMA GUI
- Centralized Management > Security Appliances
In the bottom section, File Analysis, the File Analysis Client ID is listed here.
vSMA running AsyncOS 9.6.0-051 for Security Management example:

Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.
The File Analysis Client ID is based on the following 65 character string format:
Value |
Explanation |
06_ |
SMA
|
VLNSMAXXXYYY_ |
If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field.
|
SERIAL_ |
This will be the FULL serial of the appliance (which is found from CLI with version).
|
MX00V_ |
This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance.
|
000000 |
Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters.
|
WSA GUI
- Security Services > Anti-Malware and Reputation
- Click Edit Global Settingsā¦
- In the Advanced Malware and Protection Services section, expand Advanced
- Expand the Advanced Settings for File Analysis
The File Analysis Client ID is listed here.
WSA running AsyncOS 9.1.1-041 for Web Security example:

Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.
The File Analysis Client ID is based on the following 65 character string format:
Value |
Explanation |
02_ |
WSA |
VLNWSAXXXYYY_ |
If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field.
|
SERIAL_ |
This will be the FULL serial of the appliance (which is found from CLI with version).
|
SX00V_ |
This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance.
|
000000 |
Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters. |
FMC/DC GUI
To get API Key (File Analysis ID) for FMC/DC, from the CLI run:
perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"
Note: On some hardware there are multiple installations of Perl. Running the default installation of Perl may not execute the command correctly. If there are seen output errors, specify the following, direct path when calling Perl: /ngfw/usr/bin/perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"
- Navigate to AMP >Dynamic Analysis Connections
- On the right side of the menu item panacea.threatgrid.com click on the Associate Icon.
- A pop-up will appear, click Yes to complete the association.
- Verify on the end of the URL the File Analysis Client ID. The ID begins after the devices%3D to the end of the URL.
Example:
1. Navigating Menu

2. Associating the FMC

3. Confirming Association

4. Verifying the File Analysis Client ID


How to use Client ID in the Threat Grid Cloud
The Client ID can then be searched in the Threat Grid to find samples submitted by the device.
1. Log in to the Threat Grid portal (e.g. https://panacea.threatgrid.com) with your org-admin account.
2. Navigate to Administration > Manage Users.
3. Paste your Client ID in the Filter field and press Return.
Tip: If you cannot find your device on the list, check search filters.
4. If the device has access to the cloud, you can expect it to appear on the list.
5. When you click the Login of the device, details will appear with the samples list.
Related Information