Threat Grid's File Analysis Client ID on Content Security Appliances (ESA, SMA, WSA) and DC/FMC

Available Languages

Download Options

PDF (350.6 KB)
View with Adobe Reader on a variety of devices
ePub (354.8 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (301.9 KB)
View on Kindle device or Kindle app on multiple devices

Updated:January 18, 2021

Document ID:213667

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

File Analysis Client ID on Content Security Appliances

How to use Client ID in the Threat Grid Cloud

Related Information

Introduction

This document describes how to find or construct the 65 character Threat Grid's File Analysis Client ID associated with Cisco Content Security Appliances, Email Security Appliance (ESA), Security Management Appliance (SMA), and Web Security Appliance (WSA), or from Cisco Defense Center (DC) or FirePower Management Center (FMC).

File Analysis Client ID on Content Security Appliances

ESA GUI

Security Services > File Reputation and Analysis
Click Edit Global Settings…
Expand Advanced Settings for File Analysis

The File Analysis Client ID is listed here.

vESA running AsyncOS 10.0.0-203 for Email Security example:

Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.

The File Analysis Client ID is based on the following 65 character string format:

Value	Explanation
01_	ESA
VLNESAXXXYYY_	If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field.
SERIAL_	This will be the FULL serial of the appliance (which is found from CLI with version).
CX00V_	This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance.
00000000	Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters.

SMA GUI

Centralized Management > Security Appliances

In the bottom section, File Analysis, the File Analysis Client ID is listed here.

vSMA running AsyncOS 9.6.0-051 for Security Management example:

Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.

The File Analysis Client ID is based on the following 65 character string format:

Value	Explanation
06_	SMA
VLNSMAXXXYYY_	If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field.
SERIAL_	This will be the FULL serial of the appliance (which is found from CLI with version).
MX00V_	This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance.
000000	Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters.

WSA GUI

Security Services > Anti-Malware and Reputation
Click Edit Global Settings…
In the Advanced Malware and Protection Services section, expand Advanced
Expand the Advanced Settings for File Analysis

The File Analysis Client ID is listed here.

WSA running AsyncOS 9.1.1-041 for Web Security example:

Note: There is a difference in the File Analysis Client ID for virtual appliance vs. hardware appliance.

The File Analysis Client ID is based on the following 65 character string format:

Value	Explanation
02_	WSA
VLNWSAXXXYYY_	If this is a virtual appliance, it uses the VLN license # (which is found from CLI with showlicense). If this is a hardware appliance, there is no field.
SERIAL_	This will be the FULL serial of the appliance (which is found from CLI with version).
SX00V_	This is the model of appliance (again, from from version on the CLI). This will again vary, if it is a virtual appliance vs. hardware appliance.
000000	Trailing zeros. These will vary, based on the previous fields, in order to finish out the field of 65 characters.

FMC/DC GUI

To get API Key (File Analysis ID) for FMC/DC, from the CLI run:

perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"

Note: On some hardware there are multiple installations of Perl. Running the default installation of Perl may not execute the command correctly. If there are seen output errors, specify the following, direct path when calling Perl: /ngfw/usr/bin/perl -MFlyLoader -e "print SF::Files::Analysis::get_apikey()"

Navigate to AMP >Dynamic Analysis Connections
On the right side of the menu item panacea.threatgrid.com click on the Associate Icon.
A pop-up will appear, click Yes to complete the association.
Verify on the end of the URL the File Analysis Client ID. The ID begins after the devices%3D to the end of the URL.

Example:

1. Navigating Menu