THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
|Affected OS Type
|Affected Release Number
10.1.0, 10.0.0, 10.1.1, 10.1.2, 10.5.1, 10.1.3, 10.5.1_LD
9.1.1, 9.0.0, 9.0.1, 9.1.3, 9.2.0, 9.1.2
8.0.6, 8.5.0, 8.5.1, 8.0.5, 8.8.0, 8.7.0, 8.5.3, 8.5.2, 8.5.4, 8.6.0
|Cognitive Threat Analytics migrating to AWS Cloud
Cisco Cognitive Threat Analytics (CTA) will be migrated to a new location, which results in new URLs and IP addresses for access and use of the service.
In order to help ensure future flexibility and performance, Cisco CTA will be migrated to the Amazon Web Services (AWS) Cloud.
The migration will take place in two phases:
- The first phase covers the migration of the CTA Landing Page, CTA Portal, API Services, and Trusted Automated eXchange of Indicator Information (TAXII) service.
- The second phase covers the migration of the data ingest services.
This Field Notice covers the changes related to the first phase of the migration only. A subsequent Field Notice that covers the second phase of the migration will be published at a later date.
The switchover is scheduled to take place on Monday, August 20 2018 7:00 - 9:00 a.m. CEST (Sunday, August 19 10:00 p.m. - midnight Pacific).
During the switchover, there will be a two hour maintenance window required to resync data from the old data center to the AWS data center during which the CTA user interface, Structured Threat Information eXpression (STIX)/TAXII services, and integration services will be unavailable. Data ingest will continue to accept customer telemetry, but no new devices can be provisioned during the maintenance break.
As a consequence of the migration, you might need to perform changes in order to use the service unaffected.
Failure to perform the needed changes will not result in loss of data analytics, but might result in loss of access to the CTA portal as well as a stop of import into your security information and event management (SIEM) solution should you use one.
The current URLs will stay unchanged, but point to new IP addresses after migration. In order to continue to use the service after the completed switchover, you should make these changes:
- If you have access control lists (ACLs) in place in your firewall that limit outbound access, and these ACLs are IP address-based, you must add the new IP addresses/ranges. Allow both AWS Elastic IP (EIP) addresses and Cisco IP addresses listed in the table.
- If you use the API offered by Cisco CTA to export your security data into your own SIEM solution, and you reference Cisco's API by IP address and not by URL, Cisco recommends that you change your setting in your SIEM solution to use the URL.
If you cannot use the URL in your SIEM solution, you can change your settings to point to one of the IP addresses, but in that case Cisco cannot guarantee the service availability. If you need the service to always be available you need to use the URL, as high availability will be implemented with Domain Name System (DNS).
Refer to the tables for the new as well as the current URLs and IP addresses.
Current URLs and IP Addresses
|CTA public landing page
|CTA login page
|CTA TAXII service
New URLs and IP Addresses
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Cisco Notification Service—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.