The Cisco Threat Grid appliance provides safe and highly secure on-premises advanced malware analysis, with deep threat analytics and content. A Threat Grid Appliance provides the complete Threat Grid malware analysis platform, installed on a single UCS server: Cisco UCS C220-M3 (TG5000) or Cisco UCS C220 M4 (TG5400) for Threat Grid Appliance v2.7.2 or earlier, or Cisco Threat Grid M5 Appliance for Threat Grid Appliance v2.7.2 or later. It empowers organizations operating under various compliance and policy restrictions, to submit malware samples to the appliance.

Many organizations that handle sensitive data, such as banks and health services, must follow various regulatory rules and guidelines that do not allow certain types of files, such as malware artifacts, to be sent outside of the network for malware analysis. By maintaining a Cisco Threat Grid Appliance on-premises, organizations are able to send suspicious documents and files to it to be analyzed without leaving the network.

With a Threat Grid Appliance, security teams can analyze all samples using proprietary and highly secure static and dynamic analysis techniques. The appliance correlates the analysis results with hundreds of millions of previously analyzed malware artifacts, to provide a global view of malware attacks and campaigns, and their distributions. A single sample of observed activity and characteristics can quickly be correlated against millions of other samples to fully understand its behaviors within an historical and global context. This ability helps security teams to effectively defend the organization against threats and attacks from advanced malware.

The following changes have been implemented in this guide in Version 2.7:

Before a new appliance can be used for malware analysis, it must be set up and configured for the organization's network. This guide is intended for the security team IT staff tasked with setting up and configuring a new Threat Grid Appliance.

This document describes how to complete the initial setup and configuration for a new Threat Grid Appliance, up to the point where malware samples can be submitted to it for analysis.

The latest versions of Cisco Threat Grid Appliance product documentation can be found on Cisco.com:

• Cisco Threat Grid Appliance Release Notes

• Cisco Threat Grid Version Lookup Table

• Cisco Threat Grid Appliance Administrator Guide

Note	Prior version of Cisco Threat Grid Appliance product documentation can be found on the Threat Grid Install and Upgrade page.

Hardware Documentation

Note	The Cisco Threat Grid M5 Appliance is supported in Threat Grid Version 3.5.27 and later, and appliance version 2.7.2 and later.

• Cisco Threat Grid M5 Hardware Installation Guide

• Cisco UCS C220 M4 Server Installation and Service Guide

• Cisco UCS C220 Server Installation and Service Guide

• Spec Sheet for Cisco UCS C220 M4 High-Density Rack Server (Small Form Factor Disk Drive Model) (product has been discontinued)

• Spec Sheet for Cisco UCS C220 M3 High-Density Rack Server (Small Form Factor Disk Drive Model) (product has been discontinued)

There are several ways to request support from a Threat Grid engineer:

• Email. Send email to support@threatgrid.com with your query.

• Open a Support Case. You will need your Cisco.com ID (or to generate one) to open a support case. You will also need your service contract number, which was included on the order invoice. Enter your support case with the Cisco Support Case Manager.

• Call. For Cisco phone numbers and contact information see the Cisco Contact page.

When requesting support from Threat Grid, please send the following information with your request:

• Appliance version (OpAdmin > Operations > Update Appliance)

• Full service status (service status from the shell)

• Network diagram or description (if applicable)

• Support Mode (Shell or Web interface)

• Support Request Details