The Cisco Threat Grid appliance provides safe and highly secure on-premises advanced malware analysis, with deep threat analytics and content. A Threat Grid Appliance provides the complete Threat Grid malware analysis platform, installed on a single UCS server: Cisco UCS C220-M3 (TG5000) or Cisco UCS C220 M4 (TG5400). It empowers organizations operating under various compliance and policy restrictions, to submit malware samples to the appliance.

Many organizations that handle sensitive data, such as banks and health services, must follow various regulatory rules and guidelines that do not allow certain types of files, such as malware artifacts, to be sent outside of the network for malware analysis. By maintaining a Cisco Threat Grid Appliance on-premises, organizations are able to send suspicious documents and files to it to be analyzed without leaving the network.

With a Threat Grid Appliance, security teams can analyze all samples using proprietary and highly secure static and dynamic analysis techniques. The appliance correlates the analysis results with hundreds of millions of previously analyzed malware artifacts, to provide a global view of malware attacks and campaigns, and their distributions. A single sample of observed activity and characteristics can quickly be correlated against millions of other samples to fully understand its behaviors within an historical and global context. This ability helps security teams to effectively defend the organization against threats and attacks from advanced malware.

The following changes have been implemented in this guide in Version 2.7:

This guide is intended to be used by the Threat Grid Appliance administrator after the appliance has been set up and configured, and an initial test malware sample has been successfully submitted and analyzed. It describes how to manage organizations and users for the Threat Grid malware analysis tool, appliance updates, backups, and other server administration tasks.

This guide also provides information for administrators who are integrating the Threat Grid Appliance with other Cisco products and services, such as Cisco Email Security Appliance, Cisco Web Security Appliance, and AMP for Endpoints Private Cloud devices.

Note	For information about Threat Grid Appliance setup and configuration, see the Cisco Threat Grid Appliance Setup and Configuration Guide.

The latest versions of Cisco Threat Grid Appliance product documentation can be found on Cisco.com:

• Cisco Threat Grid Appliance Release Notes

• Cisco Threat Grid Version Lookup Table

Prior version of Cisco Threat Grid Appliance product documentation can be found on the Threat Grid Install and Upgrade page.

There are several ways to request support from a Threat Grid engineer:

• Email. Send email to support@threatgrid.com with your query.

• Open a Support Case. You will need your Cisco.com ID (or to generate one) to open a support case. You will also need your service contract number, which was included on the order invoice. Enter your support case with the Cisco Support Case Manager.

• Call. For Cisco phone numbers and contact information see the Cisco Contact page.

When requesting support from Threat Grid, please send the following information with your request:

• Appliance version (OpAdmin > Operations > Update Appliance)

• Full service status (service status from the shell)

• Network diagram or description (if applicable)

• Support Mode (Shell or Web interface)

• Support Request Details