Updated: June 1, 2020
This document describes the steps to integrate Cisco Threat Response (CTR) with Threat Grid (TG) Cloud in order to perform CTR investigations.
Contributed by Jesus Javier Martinez and edited by Yeraldin Sanchez, Cisco TAC Engineers.
Cisco recommends that you have knowledge of these topics:
Cisco Threat Response
The information in this document is based on these software versions:
CTR console (User account with Administrator rights)
Threat Grid console (User account with Administrator rights)
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Cisco Threat Grid is an advanced and automated malware analysis and malware threat intelligence platform in which suspicious files or web destinations can be detonated without impacting the user environment.
In the integration with Cisco Threat Response, Threat Grid is a reference module and provides the ability to pivot into the Threat Grid Portal to gather additional intelligence about file hashes, IPs, domains, and URLs in the Threat Grid knowledge store.
Step 1. Log in to Threat Grid using Administrator credentials.
Step 2. Navigate to the My Account section, as shown in the image.
Step 3. Navigate to the Connections section and select the Connect Threat Response option, as shown in the image.
Step 4. Select the Authorize option in order to allow Threat Grid to access Cisco Threat Response, as shown in the image.
Step 5. Select the Authorize Threat Grid option in order to grant application access, as shown in the image.
Step 6. The Access Authorized message appears, which confirms that Threat Grid has access to Threat Response threat intelligence and enrichment capabilities, as shown in the image.
Use this section to confirm that your configuration works properly.
In order to verify the CTR and TG integration, run an investigation on the CTR console. When all investigation details appear, the Threat Grid option is available, as shown in the image.
You can select the Browse or Search Threat Grid option, which redirects you to the Threat Grid Portal to gather additional intelligence about files, hashes, IPs, domains, and URLs in the Threat Grid knowledge store, as shown in the image.