Support

This chapter provides instructions for starting a support session and taking support snapshots to aid in resolving issues with the Secure Malware Analytics Appliance.

Opening a Support Case

If you have questions or require assistance with Secure Malware Analytics, open a case in Support Case Manager, which is located at https://mycase.cloudapps.cisco.com/case.


Note

If you are receiving support from a Cisco Secure Malware Analytics engineer, they may need remote access to your appliance. See Live Support Session to learn more about how to start a live support session, and take a snapshot of your appliance.

Procedure

Step 1

In Support Case Manager, click Open New Case > Open Case.

Figure 1. Open New Case

Step 2

Click the Ask a Question radio button and search for your Cisco Security Product Serial Number or Product Service Contract. This should be the serial number or service contract for Secure Malware Analytics.

Figure 2. Check Entitlement

Step 3

On the Describe Problem page, enter a Title and Description of the problem (mention Secure Malware Analytics in the title).

Step 4

Click Manually select a Technology and search for Secure Malware Analytics.

Figure 3. Select Technology

Step 5

Choose Cisco Secure Malware Analytics Appliance from the list and click Select.

Step 6

Complete the remainder of the form and click Submit.

If you are unable to open a case online, contact Cisco Support:

For additional information on how to request support:

Live Support Session

If you require support from a Secure Malware Analytics engineer, they may ask you to start a live support session that gives Secure Malware Analytics support engineers remote access to the appliance. Normal operations of the appliance will not be affected. You can start a live support session from the Live Support Session page.


Note

You can also enable support mode from the Admin TUI, and when booting up in Recovery Mode (see Resetting the Administrator Password for instructions).

Support Servers

Establishing a live support session requires that the appliance be able to reach the following servers:

  • support-snapshots.threatgrid.com - This allows you to directly upload a support snapshot for support, without the need to give Cisco support staff direct access to your appliance or to download the files and then upload/attach it to the support ticket.

  • rash.threatgrid.com - This support mode allows Cisco support staff to log in and inspect the appliance directly.

Both servers should be allowed by the firewall during an active support session. For more information on the recommended firewall rules per interface of the Secure Malware Analytics Appliance, see SMA firewall rules.

Starting a Live Support Session

You can start a live support session from the Live Support Session page.

Procedure

Step 1

Click the Support tab and choose Live Support Session.

Figure 4. Live Support Session

Step 2

Click Start Support Session and follow the prompts.

Step 3

To end the session, click Terminate Support Session.

Support Snapshots

A support snapshot is basically a snapshot of the running system, which contains logs, psoutput, etc., to help Support staff troubleshoot any issues.


Note

Snapshots taken before the v2.11 update may no longer have their content available to view or submit.

Procedure

Step 1

To take a snapshot, click the Support tab and choose Support Snapshots.

Figure 5. Support Snapshots

Step 2

Click Create Snapshot. The snapshot is taken and added to the page.

Step 3

Once you take the snapshot, you can view job details, download it as a .tar file, or click Submit, to automatically upload the snapshot to the Secure Malware Analytics snapshot server.

To remove a snapshot, click Delete.

Use Snapshots to Verify Backups

You can also use snapshots to test and verify that your backups are good. Take a snapshot of the backup store in your Production appliance or cluster, creating a new writable volume off of it, and then try to restore a non-production appliance or cluster from that snapshot.