Cisco amp threat grid Скачать руководство пользователя | Manualshive

Страница: 11 / 50

background image

Cisco AMP Threat Grid Appliance Setup and Configuration Guide

PLANNING

6

Hardware Documentation

Installation and Service Guide for Cisco UCS C220 M4 Server:

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220M4/install/C220M4.pdf

Installation and Service Guide for Cisco UCS C220 M3 Server:

http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c/hw/C220/install/C220.html

Spec Sheet for Cisco UCS C220 M3 High-Density Rack Server (Small Form Factor Disk Drive Model):

http://www.cisco.com/c/dam/en/us/products/collateral/servers-unified-computing/ucs-c-series-rack-

servers/C220M3_SFF_SpecSheet.pdf

Cisco has a power/cooling calculator, which you may also find useful:

https://mainstayadvisor.com/Go/Cisco/Cisco-UCS-Power-Calculator.aspx

Network Requirements

The Threat Grid Appliance requires three networks:

ADMIN -

The "

Administrative"

network. Must be configured in order to perform the appliance setup.

CLEAN -

The "

Clean

" network is used for inbound, trusted traffic to the appliance (requests). This includes

integrated appliances. For example, the Cisco Email Security appliances and Web Security appliances
(ESA/WSA) connect to the IP address of the Clean interface.

Note:

The following specific, restricted kinds of network traffic can be outbound from Clean:

•

Remote syslog connections

•

Email messages sent by the Threat Grid Appliance itself

•

Disposition Update Service connections to FireAMP Private Cloud devices

•

DNS requests related to any of the above

•

LDAP

DIRTY -

The "

Dirty

" network is used for outbound traffic from the appliance (including malware traffic).

Note:

We recommend using a dedicated external IP address (i.e., the "

Dirty

" interface) that is different

from your corporate IP, in order to protect your internal network assets.

For network interface setup information and illustrations, see the Network Interfaces, and Network Interface

Connections Setup sections below.

DNS Server Access

The DNS server used for purposes other than Disposition Update Service lookups, resolving remote syslog
connections, and resolving the mail server used for notifications from the Threat Grid software itself needs

to be accessible via the dirty network.

«
...
9
10
11
12
13
...
»

Содержание amp threat grid

Страница 1: ...p and Configuration Guide Version 2 2 Last Updated March 8 2017 Cisco Systems Inc www cisco com Cisco has more than 200 offices worldwide Addresses phone numbers and fax numbers are listed on the Cisco website at www cisco com go offices ...

Страница 2: ...ALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES Any Internet Protocol IP addresses and phone number...

Страница 3: ... Version 2 0 3 SUPPORT CONTACTING THREAT GRID 3 Support Mode 3 Start Support Mode License Workaround Prior to Version 1 4 4 3 Support Servers 4 Support Snapshots 4 PLANNING 5 USER DOCUMENTATION AND ONLINE HELP 5 ENVIRONMENTAL REQUIREMENTS 5 HARDWARE REQUIREMENTS 5 HARDWARE DOCUMENTATION 6 NETWORK REQUIREMENTS 6 DNS Server Access 6 NTP Server Access 7 INTEGRATIONS ESA WSA FIREAMP ETC 7 DHCP 7 LICEN...

Страница 4: ...UGGESTIONS 17 POWER ON AND BOOT UP 18 INITIAL NETWORK CONFIGURATION TGSH DIALOG 20 CONFIGURATION WIZARD OPADMIN PORTAL 26 CONFIGURATION WORKFLOW 26 LOGIN TO THE OPADMIN PORTAL 26 ADMIN PASSWORD CHANGE 28 END USER LICENSE AGREEMENT 29 NETWORK CONFIGURATION SETTINGS 29 Network Configuration and DHCP 29 LICENSE INSTALLATION 30 EMAIL HOST CONFIGURATION 30 SERVER NOTIFICATIONS CONFIGURATION 31 NTP SERV...

Страница 5: ...irty 21 Figure 12 Network Configuration In Progress admin 22 Figure 13 Network Configuration Confirmation 23 Figure 14 Network Configuration List of Changes Made 24 Figure 15 IP Addresses 25 Figure 16 OpAdmin Login 27 Figure 17 OpAdmin Change Password 28 Figure 18 License Page 29 Figure 19 License Information After Successful Installation 30 Figure 20 Notifications Configuration 31 Figure 21 Appli...

Страница 6: ...characteristics can quickly be correlated against millions of other samples to fully understand its behaviors within an historical and global context This ability helps security teams to effectively defend the organization against threats and attacks from advanced malware Who This Guide Is For Before a new appliance can be used for malware analysis it must be set up and configured for the organiza...

Страница 7: ...ion Cisco UCS C220 M4 Server Released on November 17 2016 the C220 M4 server includes a hardware refresh as well as the Secure Boot feature Please contact us at support threatgrid com to discuss any questions you may have about upgrading Note Threat Grid will continue to provide support for M3s until after the expiration of their contracted lifespan All the same M4 features are available as over t...

Страница 8: ...umbers see http www cisco com c en us support index html When requesting support from Threat Grid please send the following information with your request Appliance version OpAdmin Operations Update Appliance Full service status service status from the shell Network diagram or description if applicable Support Mode Shell or Web interface Support Request Details Support Mode If you require support f...

Страница 9: ...pport Session Support Servers Establishing a support session requires that the TG appliance reach the following servers support snapshots threatgrid com rash threatgrid com Both servers should be allowed by the firewall during an active support session Support Snapshots A support snapshot is basically a snapshot of the running system which contains logs ps output etc to help Support staff troubles...

Страница 10: ... Install and Upgrade page on Cisco com Threat Grid Portal UI Online Help Threat Grid Portal user documentation including Release Notes Using Threat Grid Online Help API documentation and other information is available from the Help menu located in the navigation bar at the top of the user interface Environmental Requirements The Threat Grid Appliance is deployed on a UCS C220 M3 or C220 M4 server ...

Страница 11: ...fic to the appliance requests This includes integrated appliances For example the Cisco Email Security appliances and Web Security appliances ESA WSA connect to the IP address of the Clean interface Note The following specific restricted kinds of network traffic can be outbound from Clean Remote syslog connections Email messages sent by the Threat Grid Appliance itself Disposition Update Service c...

Страница 12: ... AMP Threat Grid For questions about licenses please contact support threatgrid com Organization and Users Once you have completed the appliance setup and network configuration you will need to create the initial Threat Grid Organizations and user account s so people can login and begin submitting malware samples for analysis This task may require planning and coordination among multiple organizat...

Страница 13: ...e initial randomly generated password which is visible initially in the TGSH Dialog or the new Admin password you create during the first step of the OpAdmin Portal Configuration which is described in the next section OpAdmin Portal This is the primary Threat Grid GUI configuration tool Much of the appliance configuration can ONLY be done via OpAdmin including licenses email host SSL Certificates ...

Страница 14: ...outbound Dirty Interface Connect to the Dirty network Requires Internet access Outbound Only DNS Note If you are setting up an integration with a FireAMP Private Cloud and the FireAMP appliance hostname cannot be resolved over the Dirty interface then a separate DNS server that uses the Clean interface can be configured in OpAdmin NTP Updates Support Session in Normal Operations Mode Support Snaps...

Страница 15: ...ial configuration steps are described in this document Server Setup Network Interface Connections Setup Admin Clean Dirty Initial Network Configuration TGSH Dialog Main Configuration OpAdmin Portal Install Updates Test the Appliance setup Submit a Sample for Analysis Admin Configuration Complete the remaining administrative configuration tasks license installation email server SSL Certificates etc...

Страница 16: ...Cisco AMP Threat Grid Appliance Setup and Configuration Guide PLANNING 11 ...

Страница 17: ...vironmental setup information Links to product documentation are provided in the Hardware Documentation section above Network Interface Connections Setup Find the SFP ports there are two and the three Ethernet ports on the back of the appliance and attach the network cables as illustrated below C220 M3 Rack Server Setup Figure 3 Cisco UCS C220 M3 SFF Rack Server The interfaces must be properly con...

Страница 18: ...Rear View Details Note For releases 1 0 1 2 a reboot may be needed if an interface was not plugged in at boot time This is a pre 1 3 issue except for any interface requiring an SFP which will still needs to be plugged in at boot time post 1 3 The network cable plugged into the SFP may be hot plugged safely ...

Страница 19: ...and Configuration Guide SERVER SETUP 14 C220 M4 Rack Server Setup Figure 5 Cisco UCS C220 M4 SFF Rack Server Note The details of your appliance may differ from the image above Please contact support threatgrid com if you have any questions ...

Страница 20: ...Cisco AMP Threat Grid Appliance Setup and Configuration Guide SERVER SETUP 15 Figure 6 CIsco UCS C220 M4 Rear View Details Connections 1 Admin 8 left Clean 8 right Dirty 6 CIMC ...

Страница 21: ...recommended setup for an AMP Threat Grid Appliance However each customer s interface setup is different Depending on your network requirements you may well decide to connect the Dirty interface to the inside or the Clean interface to the outside with appropriate network security measures in place for example Figure 7 Network Interfaces Setup Diagram ...

Страница 22: ... Internet DNS Allow Allow outbound DNS Dirty interface Internet NTP UDP 123 Allow Allow outbound traffic to access NTP Clean interface SMTP Server SMTP Allow The appliance uses the clean interface to initiate SMTP connections to the configured mail server The Clean interface does not need outbound connectivity to the Internet Clean interface Internet TCP 19791 Allow Allow connectivity to Thread Gr...

Страница 23: ...n interface FireAMP Private Cloud TCP 443 Allow Optional only required if FireAMP Private Cloud integration is used Clean Interface LDAP Allow Optional only required if LDAP is configured Dirty Interface OpenDNS TitaniumCloud VirusTotal HTTPS Allow Connect with 3rd party detection and enrichment services Power On and Boot Up Once you have connected the server peripherals and the network interfaces...

Страница 24: ... and connected Figure 9 TGSH Dialog The Admin URL shows as unavailable the network interface connections are not yet configured and the OpAdmin Portal cannot be reached yet to perform this task Note Make a note of the administrator Password into a separate text file for convenience copy paste during the OpAdmin Portal configuration steps IMPORTANT The TGSH Dialog displays the initial administrator...

Страница 25: ...ing DHCP to obtain your IPs then please see the Threat Grid Appliance Administrator s Guide for more information 1 In the TGSH Dialog interface select CONFIG_NETWORK The Network Configuration console opens Figure 10 TGSH Dialog Network Configuration Console 2 Complete the blank fields according to the settings provided by your network administrator for the clean dirty and admin interfaces 3 Change...

Страница 26: ...co AMP Threat Grid Appliance Setup and Configuration Guide INITIAL NETWORK CONFIGURATION TGSH DIALOG 21 Figure 11 Network Configuration In Progress clean and dirty 6 Leave the Dirty network DNS Name blank ...

Страница 27: ...ration In Progress admin 7 After you finish entering all the network settings tab down and select Validate to validate your entries If invalid values have been entered you may see errors If this is the case then fix the errors and re Validate After validation the Network Configuration Confirmation displays the values you ve entered ...

Страница 28: ...ation 8 Select Apply to apply your configuration settings Have patience This step may take 10 minutes or more to complete The console will become a blank grey box and the screen may display scrolling configuration information as the settings are applied and then it will list detailed information about the configuration changes that have been made ...

Страница 29: ... Setup and Configuration Guide INITIAL NETWORK CONFIGURATION TGSH DIALOG 24 Figure 14 Network Configuration List of Changes Made 9 Select OK The Network Configuration Console refreshes again and displays the IP addresses you entered ...

Страница 30: ...twork configuration of your appliance Note The URL for the Clean interface will not work until the OpAdmin portal configuration is complete Next Setup Step The next step in the appliance setup is to complete the remaining configuration tasks using the workflow in the OpAdmin portal as described in the following section OPADMIN PORTAL CONFIGURATION WIZARD ...

Страница 31: ...dmin Portal administrator s password Email servers DNS servers NTP servers SSL Certificates Other server settings https adminIP OR https adminHostname Note Not all of these settings are completed in the initial OpAdmin portal configuration wizard workflow Some such as SSL Certificates are configured in separate steps as described in the Threat Grid Appliance Administrator s Guide Configuration Wor...

Страница 32: ...p and Configuration Guide CONFIGURATION WIZARD OPADMIN PORTAL 27 Figure 16 OpAdmin Login 2 Enter the default Admin Password that you copied from the TGSH Dialog and click Login The Change Password page opens Continue with the next section ...

Страница 33: ...igure 17 OpAdmin Change Password 1 Enter the password from the TGSH Dialog into the Old Password field You should have this in a text file for use at this moment 2 Enter and confirm a new password 3 Click Change Password The password is updated The End User License Agreement page opens Note The new password will NOT be displayed in visible text in the TGSH Dialog so be sure to note it down somewhe...

Страница 34: ... described in the next section Network Configuration Settings Network Configuration Settings If you configured your static network settings in the TGSH Dialog the IP addresses displayed in the Network Configuration page will reflect the values you entered in the TGSH Dialog during the appliance network configuration Network Configuration and DHCP If you used DHCP for your initial connection and no...

Страница 35: ...mation 1 Click on License in the left column The License page opens No license has been installed 2 Under Install New License click Browse and select the license from your file manager 3 Enter the license password you were given into the Passphrase field 4 Click Upload to install The page refreshes and you should see your license information Figure 19 License Information After Successful Installat...

Страница 36: ...esses System notifications are displayed in the Threat Grid portal interface but this page allows you to set up notifications that are also sent via email Note Update v1 3 includes a page to configure a Syslog server to receive syslog messages and Thread Grid notifications See the Threat Grid Appliance Admin Guide for more information Figure 20 Notifications Configuration 1 First set the Critical ...

Страница 37: ...Cisco AMP Threat Grid Appliance Setup and Configuration Guide CONFIGURATION WIZARD OPADMIN PORTAL 32 ...

Страница 38: ...r 3 Click Next The Review and Install page opens with checkboxes next to all of the Configuration steps Continue with the next section Review and Install Configuration Settings Now that you have entered your network configuration settings you must install them as described below 1 In the Review and Install page click Start Installation Configuration scripts are installed and you see the message Th...

Страница 39: ...IGURATION WIZARD OPADMIN PORTAL 34 Figure 21 Appliance is Installing 2 After successful installation the State changes from the orange Running to a green Successful message confirming success The Reboot button changes to green and the configuration output is displayed ...

Страница 40: ... PORTAL 35 Figure 22 Successful Appliance Installation 3 Click Reboot after the successful installation You will see the message that The appliance is rebooting Rebooting may take up to 5 minutes Please do not make any changes while the Appliance is rebooting Figure 23 Appliance is Rebooting ...

Страница 41: ...e CONFIGURATION WIZARD OPADMIN PORTAL 36 Once the appliance has successfully rebooted you will see the following confirmation that the Appliance is configured Figure 24 Appliance Is Configured Your appliance is now setup and the initial configuration is complete ...

Страница 42: ...iance The updates page opens displaying the current build of the appliance 2 Click Check Download Updates The software checks to see if there is a more recent update version of the Threat Grid Appliance software and if so it is downloaded This may take some time 3 Once the updates have been downloaded click Run Update to install them For more information about installing updates see the Threat Gri...

Страница 43: ...70105200233 32f70432 rel 2 1 6 1 7 2017 LDAP Authentication support for OpAdmin tgsh dialog 2016 05 20161121134140 489f130d rel 2 1 5 11 21 2016 ElasticSearch5 CSA performance fix 2016 05 20160905202824 f7792890 rel 2 1 4 9 5 2016 Primarily of interest to Manufacturing 2016 05 20160811044721 6af0fa61 rel 2 1 3 8 11 2016 Offline update support key M4 wipe support 2016 05 20160715165510 baed88a3 rel...

Страница 44: ...01138 8934fa1d v1 4 2014 10 20150805134744 4ce05d84 v1 3 2014 10 20150709144003 b4d4171c v1 2 1 2014 10 20150326161410 44cd33f3 v1 2 2014 10 20150203155143 hotfix1 b06f7b4f v1 1 hotfix1 2014 10 20150203155142 b06f7b4f v1 1 2014 10 20141125162160 hotfix2 8afc5e2f v1 0 hotfix2 NOTE The 1 0 hotfix2 is a mandatory update that fixes the update system itself to be able to handle large files without brea...

Страница 45: ...ce Setup and Configuration Guide INSTALLING THREAT GRID APPLIANCE UPDATES 40 Note Updating from 1 0 to 1 0 hotfix2 takes approximately 15 minutes Applying a full update from 1 0 to 1 3 without data migration takes about 30 minutes ...

Страница 46: ... Threat Grid login page opens Figure 26 Threat Grid Portal Login Page 2 Enter the default Login and Password admin changeme 3 Click Login The main Threat Grid Sample Analysis page opens 4 In the Submit a Sample box located in the upper right corner to select a sample file or enter a URL to submit for malware analysis 5 Click Upload Sample The Threat Grid sample analysis process is launched You sho...

Страница 47: ...ADMINISTRATION Once the Threat Grid Appliance has been setup and initial configuration is completed it is ready for the appliance administrator Release notes Updates SSL Certificates adding users and other administrator tasks and topics are documented in the Threat Grid Appliance Administrator s Guide ...

Страница 48: ...ch allows you to enter the Cisco Integrated Management Controller CIMC Configuration Utility The CIMC interface can be used for remote server management You will need a monitor and keyboard attached directly to the appliance 1 Power on the server The Cisco screen opens Figure 27 The Cisco screen F8 to enter the CIMC Configuration Utility 2 After the memory check is completed press F8 to enter the ...

Страница 49: ...MC Configuration Utility 3 In the CIMC configuration utility set up an IP address that will be used for remote server management 4 When complete Save and then Exit At this point the server can be managed remotely by using a Web browser to https CIMC IP address 5 The initial user name is admin with a password of password ...

Страница 50: ...ration Guide APPENDIX A CIMC CONFIGURATION RECOMMENDED 45 Figure 29 Cisco Integrated Management Controller CIMC Interface The CIMC interface can now be used to view the server health as well as open a KVM to complete the remaining setup steps remotely ...

Отзывы:

Нет отзывов

Похожие инструкции для amp threat grid

Бренд: Watchguard Страницы: 20

Бренд: Forcepoint Страницы: 12

Бренд: SonicWALL Страницы: 34

Бренд: SonicWALL Страницы: 21

SECPATH U200-CS

Бренд: 3Com Страницы: 130

ZyXEL ZyWALL USG-1000

Бренд: ZyXEL Communications Страницы: 4

Personal aXsGUARD

Бренд: Vasco Страницы: 49

Бренд: Watchguard Страницы: 23

Бренд: Attila Security Страницы: 8

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды