Integrating the Appliance with Cisco Threat Response
You can integrate your appliance with Cisco Threat Response, and perform the following actions in Cisco Threat Response:
-
View the email reporting, message tracking, and web tracking data from multiple appliances in your organization.
-
Identify, investigate and remediate threats observed in the email reports, message tracking, and web tracking.
-
Resolve the identified threats rapidly and provide recommended actions to take against the identified threats.
-
Document the threats to save the investigation, and enable collaboration of information among other devices.
Note |
In a clustered configuration, you can only register your logged-in appliance with Cisco Threat Response in the machine mode. If you have already registered your appliance with Cisco Threat Response in the standalone mode, make sure to deregister the appliance manually before you join it to a cluster. |
To integrate your appliance with Cisco Threat Response, you need to register your appliance with Cisco Threat Response.
You can access Cisco Threat Response using any one of the following URLs:
Note |
If you access Cisco Threat Response using a regional URL - https://visibility.apjc.amp.cisco.comthe Cisco Threat Response integration with your appliance is not currently supported. |
Before you begin
-
Make sure that you create a user account in Cisco Threat Response with admin access rights. To create a new user account, go to Cisco Threat Response login page using the following URL - https://visibility.amp.cisco.com and click Create a Cisco Security account in the login page. If you are unable to create a new user account, contact Cisco TAC for assistance.
-
Make sure that you enable Cisco Threat Response integration on the Cisco Security Services Exchange (SSE) portal. For more information, go to https://securex.us.security.cisco.com/settings/modules/available, navigate to the module to integrate with Cisco Threat Response, click Add New Module, and see the instructions on the page.
-
Make sure that you open HTTPS (In and Out) 443 port on the firewall for the following FQDNs to register your appliance with Cisco Threat Response:
-
api-sse.cisco.com (applicable for Americas users only)
-
api.eu.sse.itd.cisco.com (applicable for European Union (EU) users only)
-
For more information, see Firewall Information.
Procedure
Step 1 |
Log in to your appliance. |
Step 2 |
Select Networks > Cloud Service Settings. |
Step 3 |
Click Edit Settings. |
Step 4 |
Check Enable. |
Step 5 |
Choose the required Cisco Threat Response server to connect your appliance to Cisco Threat Response. |
Step 6 |
Submit and commit your changes. |
Step 7 |
Navigate back to the Cloud Service Settings page after few minutes to register your appliance with Cisco Threat Response. |
Step 8 |
Obtain a registration token from Cisco Threat Response to register your appliance with Cisco Threat Response. For more information, go to https://securex.us.security.cisco.com/settings/modules/available, navigate to the module to integrate with Cisco Threat Response, click Add New Module, and see the instructions on the page. |
Step 9 |
Enter the registration token obtained from Cisco Threat Response and click Register. |
Step 10 |
Add your appliance as an integration module to Cisco Threat Response. For more information, go to https://securex.us.security.cisco.com/settings/modules/available, navigate to the module to integrate with Cisco Threat Response, click Add New Module, and see the instructions on the page. |
What to do next
After you add your appliance as an integration module in Cisco Threat Response, you can view the email reporting, message tracking, and web tracking information from your appliance in Cisco Threat Response. For more information, go to https://securex.us.security.cisco.com/settings/modules/available, navigate to the module to integrate with Cisco Threat Response, click Add New Module, and see the instructions on the page.
Note |
To deregister your appliance connection from Cisco Threat Response, click Deregister in the Cloud Services Settings page in your appliance. |