Integrating the Appliance with Cisco Threat Response
You can integrate your appliance with Cisco Threat Response, and perform the following actions in Cisco Threat Response:
- View the email and web reporting data from multiple appliances in your organization.
- Identify, investigate and remediate threats observed in the email reports, message tracking and web tracking.
- Resolve the identified threats rapidly and provide recommended actions to take against the identified threats.
- Document the threats to save the investigation, and enable collaboration of information among other devices.
To integrate your appliance with Cisco Threat Response, you need to register your appliance with Cisco Threat Response.
You can access Cisco Threat Response using the following URLs:
Before you begin
- Make sure that you create a user account in Cisco Threat Response with admin access rights. To create a new user account, go to the Cisco Threat Response login page at https://visibility.amp.cisco.com and click Create a Cisco Security account. If you are unable to create a new user account, contact Cisco TAC for assistance.
- Make sure that you enable Cisco Threat Response integration on the Cisco Security Services Exchange (SSE) portal. For more information, see the Cisco Threat Response documentation at https://visibility.amp.cisco.com/#/help/module-sma.
- [Only if you are not using a proxy server.] Make sure that you open port 443 for HTTPS (In and Out) on the firewall for the following FQDNs to register your appliance with Cisco Threat Response:
  - api.apj.sse.itd.cisco.com (applicable for APJC users only)
  - api.eu.sse.itd.cisco.com (applicable for European Union (EU) users only)
  - api-sse.cisco.com (applicable for NAM users only)
- For more information, see Firewall Information.
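The following check is an added example, not part of the Cisco documentation. It tests the outbound half of the firewall prerequisite for the regional FQDNs listed above, telling a DNS failure apart from a blocked port and from a TLS handshake that fails certificate validation (typical of an inspecting middlebox). It assumes you run it from a host that shares the appliance's egress path; the function names and status labels are illustrative.

```python
import socket
import ssl
import sys

# Region -> FQDN, exactly as listed in the prerequisites above.
SSE_FQDNS = {
    "APJC": "api.apj.sse.itd.cisco.com",
    "EU": "api.eu.sse.itd.cisco.com",
    "NAM": "api-sse.cisco.com",
}
PORT = 443


def probe(fqdn, port=PORT, timeout=5.0, connect=socket.create_connection):
    """Return (status, detail); status is one of
    ok, dns_failed, tcp_blocked, tls_failed."""
    try:
        sock = connect((fqdn, port), timeout)
    except socket.gaierror as exc:   # name did not resolve
        return "dns_failed", str(exc)
    except OSError as exc:           # timeout, refusal, no route
        return "tcp_blocked", str(exc)
    try:
        ctx = ssl.create_default_context()  # verifies chain and hostname
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:  # bad cert, reset mid-handshake
        return "tls_failed", str(exc)
    finally:
        sock.close()


def main(argv):
    region = argv[1].upper() if len(argv) > 1 else ""
    if region not in SSE_FQDNS:
        print("usage: sse_check.py APJC|EU|NAM")
        return 2
    fqdn = SSE_FQDNS[region]
    status, detail = probe(fqdn)
    print(f"{fqdn}:{PORT} {status} ({detail})")
    return 0 if status == "ok" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A `tls_failed` result on an otherwise open path means something between the host and the endpoint is terminating or resetting TLS, which is worth resolving before attempting registration.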
Procedure
Step 1: Log in to your appliance.
Step 2: Select Networks > Cloud Service Settings.
Step 3: Click Edit Settings.
Step 4: Check Enable.
Step 5: Choose the required Cisco Threat Response server to connect your appliance to Cisco Threat Response.
Step 6: [Optional] Choose Use Proxy to connect your appliance to Cisco Threat Response using a proxy server.
Step 7: Submit and commit your changes.
Step 8: Navigate back to the Cloud Service Settings page after a few minutes to register your appliance with Cisco Threat Response.
Step 9: Obtain a registration token from Cisco Threat Response to register your appliance with Cisco Threat Response. For more information, see the Cisco Threat Response documentation at https://visibility.amp.cisco.com/#/help/module-sma.
Step 10: Enter the registration token obtained from Cisco Threat Response and click Register.
Step 11: Add your appliance as an integration module to Cisco Threat Response. For more information, see the Cisco Threat Response documentation at https://visibility.amp.cisco.com/#/help/module-sma.
What to do next
- After you add your appliance as an integration module in Cisco Threat Response, you can view the email and web reporting, and message tracking information from your appliance in Cisco Threat Response. For more information, see the Cisco Threat Response documentation at https://visibility.amp.cisco.com/#/help/module-sma.
  Note: To deregister your appliance connection from Cisco Threat Response, click Deregister in the Cloud Services Settings page in your appliance.
- You can now configure web modules on Cisco Threat Response.
  Navigate to Settings > Integration Modules > Configure Modules > SMA Web - Cisco Content Security Management Appliance - Web on Cisco Threat Response.
  For more information, see https://visibility.amp.cisco.com/?beta-modules=1.
  Note: This feature is still in BETA.
- If you want to switch to another Cisco Threat Response server (for example, 'Europe - api.eu.sse.itd.cisco.com'), you must first deregister your appliance from Cisco Threat Response and follow steps 1-9 of the 'Integrating the Appliance with Cisco Threat Response' procedure.
Note: After you have integrated your appliance with Cisco Threat Response, you do not need to integrate your Email Security appliance with Cisco Threat Response because the email and web reporting features are centralized.