Introduction
This document is intended to provide answers to frequently asked questions related to the retirement of the Global Threat Alerts feature of Cisco Secure Endpoint.
End of Service Announcement
Cisco Secure Endpoint is retiring the Global Threat Analytics (GTA) feature. Customers will no longer be able to enroll in GTA as of February 1st. Customers will no longer receive event data generated by GTA as of July 31st.
Frequently Asked Questions
Timeline for End of Service
- February 6th 2024 – Customers will no longer be able to enroll in GTA related features.
- July 31st 2024 – The GTA Cloud Service will stop ingesting data. The GTA backend & dashboard will be decommissioned, no new customer events will be generated.
What products are impacted?
- Cisco Secure Endpoint AKA AMP For Endpoints
- Cisco Global Threat Analytics
- Cisco Secure Network Analytics AKA Stealth Watch Enterprise
What products will replace this capability?
- XDR will be the closest alignment in capability but will not provide a 1-1 replacement for the functionality provided by Global Threat Analytics.
What actions do customers need to take?
- Cisco Secure Endpoint
- No customer action is required.
- What to Expect: As of July 31, Secure Endpoint will stop presenting alerts generated by the GTA feature.
- Global Threat Analytics
- No customer action is required.
- What to Expect: As of July 31, data will no longer be ingested by the GTA service, data processing will stop, and no additional events will be generated. Customers are advised to disable the shipping of data to GTA on their supported appliances.
Will I be impacted by this change?
- If you own Secure Endpoint or Secure Network Analytics and have enabled the GTA feature, your product(s) will be impacted by this change.
What is the impact to my product?
- Secure Endpoint
- Secure Endpoint will no longer receive alerts and telemetry from Global Threat Analytics. This will result in fewer console notifications related to network traffic correlated to malicious IP’s and URL’s.
- Secure Network Analytics
- Global Threat Alerts widget on the SNA dashboard will not be available post 7.5.1 release. For prior releases, the GTA widget on the SNA Dashboard will remain and fail to load. Cisco Secure Network Analytics customers can achieve similar outcomes to the GTA service by using the Central Analytics feature available with the Data Store architecture and integrating it with the Talos Threat Intelligence feed. o For more details on how SNA will be impacted please see The Global Threat Alerts (GTA) End of Service (EOS) FAQ
What is the impact to my service right now?
- Customers leveraging the GTA feature will not be impacted until the decommission date of July 31st, 2024.
What do I need to do to prepare for this feature decommissioning?
- Secure Endpoint: No customer action is required.
- Secure Network Analytics: No customer action is required.
Will I need to take any action after the feature is decommissioned?
- Customers should consider disabling the shipping of logs to the GTA service from their Web Security Appliance (WSA) or F5 Proxys.
- For SNA :
- Toggle OFF the feature in Central Management (SMC)
(Go to Inventory > select your SMC > Appliance Configuration > General > External Services> uncheck the “Enable Global Threat Alerts”)
- Repeat with your Flow Collectors (FCs).
OR
- Upgrade to 7.5.1 release when available in summer of CY2024
Feedback