Support

This chapter provides instructions for starting a support session and taking support snapshots to aid in resolving issues with the Threat Grid Appliance.

Opening a Support Case

If you have questions or require assistance with Threat Grid, open a case in Support Case Manager, which is located at https://mycase.cloudapps.cisco.com/case.


Note

If you are receiving support from a Cisco Threat Grid engineer, they may need remote access to your appliance. See Live Support Session to learn more about how to start a live support session, and take a snapshot of your appliance.

Procedure

Step 1

In Support Case Manager, click Open New Case > Open Case.

Figure 1. Open New Case
Step 2

Click the Ask a Question radio button and search for your Cisco Security Product Serial Number or Product Service Contract. This should be the serial number or service contract for Threat Grid.

Figure 2. Check Entitlement
Step 3

On the Describe Problem page, enter a Title and Description of the problem (mention Threat Grid in the title).

Step 4

Click Manually select a Technology and search for ThreatGRID.

Figure 3. Select Technology
Step 5

Choose ThreatGRID Appliance from the list and click Select.

Step 6

Complete the remainder of the form and click Submit.

If you are unable to open a case online, contact Cisco Support:

For additional information on how to request support:

Live Support Session

If you require support from a Threat Grid engineer, they may ask you to start a live support session that gives Threat Grid support engineers remote access to the appliance. Normal operations of the appliance will not be affected. You can start a live support session from the Live Support Session page.


Note

You can also enable support mode from the TGSH Dialog, and when booting up in Recovery Mode (see Resetting the Administrator Password for instructions).

Support Servers

Establishing a live support session requires that the appliance be able to reach the following servers:

  • support-snapshots.threatgrid.com - This allows you to directly upload a support snapshot for support, without the need to give Cisco support staff direct access to your appliance or to download the files and then upload/attach it to the support ticket.

  • rash.threatgrid.com - This support mode allows Cisco support staff to log in and inspect the appliance directly.

Both servers should be allowed by the firewall during an active support session.

Starting a Live Support Session

You can start a live support session from the Live Support Session page.

Procedure

Step 1

Click the Support tab and choose Live Support Session.

Figure 4. Live Support Session
Step 2

Click Start Support Session and follow the prompts.

Step 3

To end the session, click Terminate Support Session.

Support Snapshots

A support snapshot is basically a snapshot of the running system, which contains logs, psoutput, etc., to help Support staff troubleshoot any issues.


Note

Snapshots taken before the v2.11 update may no longer have their content available to view or submit.

Procedure

Step 1

To take a snapshot, click the Support tab and choose Support Snapshots.

Figure 5. Support Snapshots
Step 2

Click Create Snapshot. The snapshot is taken and added to the page.

Step 3

Once you take the snapshot, you can view job details, download it as a .tar file, or click Submit, to automatically upload the snapshot to the Threat Grid snapshot server.

To remove a snapshot, click Delete.

Use Snapshots to Verify Backups

You can also use snapshots to test and verify that your backups are good. Take a snapshot of the backup store in your Production appliance or cluster, creating a new writable volume off of it, and then try to restore a non-production appliance or cluster from that snapshot.