Integrating the Appliance with Cisco Threat Response Portal
You can integrate your appliance with the Cisco Threat Response portal, and perform the following actions in the Cisco Threat Response portal:
-
View the email reporting, message tracking, and web tracking data from multiple appliances in your organization.
-
Identify, investigate and remediate threats observed in the email reports, message tracking and web tracking.
-
Resolve the identified threats rapidly and provide recommended actions to take against the identified threats.
-
Document the threats in the portal to save the investigation, and enable collaboration of information among other devices on the portal.
To integrate your appliance with Cisco Threat Response portal, you need to register your appliance with the Cisco Threat Response portal.
You can access the Cisco Threat Response portal using the following URLs:
Note |
If you access the Cisco Threat Response portal using a regional URL - https://visibility.apjc.amp.cisco.com, the Cisco Threat Response integration with your appliance is not currently supported. |
Before you begin
-
Make sure that you create a user account in Cisco Threat Response portal with admin access rights. To create a new user account, go to the Cisco Threat Response portal login page using the following URL - https://visibility.amp.cisco.com and click Create a Cisco Security account in the login page. If you are unable to create a new user account, contact Cisco TAC for assistance.
-
Make sure that you enable Cisco Threat Response integration on the Cisco Security Services Exchange (SSE) portal. For more information, see the Cisco Threat Grid documentation at https://visibility.amp.cisco.com/#/help/module-sma.
-
Make sure that you open HTTPS (In and Out) 443 port on the firewall for the following FQDNs to register your appliance with the Cisco Threat Response portal:
-
api-sse.cisco.com
-
est.sco.cisco.com
-
api.eu.sse.itd.cisco.com
-
For more information, see Firewall Information.
Procedure
Step 1 |
Log in to your appliance. |
Step 2 |
Select Networks > Cloud Service Settings. |
Step 3 |
Click Edit Settings. |
Step 4 |
Check Enable. |
Step 5 |
Choose the required Cisco Threat Response server to connect your appliance to the Cisco Threat Response portal. |
Step 6 |
Submit and commit your changes. |
Step 7 |
Navigate back to the Cloud Service Settings page after few minutes to register your appliance with the Cisco Threat Response portal. |
Step 8 |
Obtain a registration token from the Cisco Threat Response portal to register your appliance with the Cisco Threat Response portal. For more information, see the Cisco Threat Grid documentation at https://visibility.amp.cisco.com/#/help/module-sma. |
Step 9 |
Enter the registration token obtained from the Cisco Threat Response portal and click Register. |
Step 10 |
Add your appliance as an integration module to the Cisco Threat Response portal. For more information, see the Cisco Threat Grid documentation at https://visibility.amp.cisco.com/#/help/module-sma. |
What to do next
-
After you add your appliance as an integration module in the Cisco Threat Response portal, you can view the email reporting, message tracking, and web tracking information from your appliance in the Cisco Threat Response portal. For more information, see the Cisco Threat Grid documentation at https://visibility.amp.cisco.com/#/help/module-sma.
Note
To deregister your appliance connection from the Cisco Threat Response portal, click Deregister in the Cloud Services Settings page in your appliance.
-
If you want to switch to another Cisco Threat Response server (for example, 'Europe - api.eu.sse.itd.cisco.com'), you must first deregister your appliance from the Cisco Threat Response Portal and follow steps 1-9 of the 'Integrating the Appliance with Cisco Threat Response Portal' procedure.