
Incident Responder Documentation

Configure the Cisco Threat Grid Service

Configure Cisco SecureX malware analytics, formerly known as Threat Grid, as a service to detonate files using actions.

  • Note the IP address, host name, or URL you use to access the Cisco Secure Malware Analytics API (see the API Access or the Searching for a Sample Submission by API sections).

  • Note your Cisco Secure Malware Analytics API key.

  • Note if your privacy setting for samples you submit to Cisco Secure Malware Analytics is Public or Private.

  • Note the default virtual machine environment your organization uses for UI and API samples.

  • If you use a proxy, ensure that you whitelist the IP address or URL you use to access the Cisco Secure Malware Analytics API.

  1. In the navigation bar, click the menu icon (three white lines on a green background), select Settings, then select Core.

  2. Under SERVICE INTEGRATIONS, select Services.

  3. Select a service:

    • To configure a specific service, hover over a service, then click CONFIGURE. Use the search by vendor or filter by action to find a service.

    • To manually provide the relevant information for a service, click Configure a new service (a blue circle with a white plus sign).

    • To view all actions for a service, hover over a service, then click the information icon (a grey i inside a grey circle).

  4. Enter information about the service:

    • Service Name – Enter a unique name for the service. By default, the service name is ThreatGrid.

    • (Optional) Description – Describe the service.

    • (Optional) Owner – Enter the email address of the person or group responsible for the service. 

    • Host – Enter the IP, host name, or URL you use to access the Cisco Secure Malware Analytics API you previously noted; for example, https://panacea.threatgrid.com/api/v2/

    • API Key – Enter your Cisco Secure Malware Analytics API key you previously noted.

    • Private Submissions – Select whether your Cisco Secure Malware Analytics API privacy setting makes samples private or public: if your privacy setting is Private, select True; if your privacy setting is Public, select False.

    • Sandbox VM – Enter the default virtual machine environment your organization uses for UI and API samples; for example, win7-x64.

  5. To validate the source, select TEST CONNECTIVITY.

  6. Select CREATE SERVICE.
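
A pre-flight check for the four values noted before configuration, as an added example (not part of the Incident Responder or Cisco documentation): it applies the Private/Public to True/False mapping from step 4 and flags values that would expose the API key or end up in the wrong field. The function names, the https-only rule, and any sample values are assumptions of this example.

```python
from urllib.parse import urlsplit

# Mapping from step 4: privacy setting Private -> True, Public -> False.
PRIVACY_TO_FIELD = {"private": True, "public": False}


def mask_key(api_key):
    """Return a form of the key that is safe to print or paste into a ticket."""
    if len(api_key) <= 8:
        return "*" * len(api_key)
    return "*" * (len(api_key) - 4) + api_key[-4:]


def check_service_values(host, api_key, privacy, sandbox_vm):
    """Return (fields, problems); an empty problems list means ready to enter."""
    problems = []
    host = host.strip()
    # The Host field takes an IP, host name, or URL; a bare host has no scheme.
    parts = urlsplit(host if "://" in host else "//" + host)
    if not parts.hostname:
        problems.append("Host: no host name or IP address found")
    if parts.scheme and parts.scheme != "https":  # policy assumed by this example
        problems.append("Host: URL is not https; the API key would be sent in clear text")
    if parts.username or parts.password:
        problems.append("Host: remove credentials embedded in the URL")
    if parts.query or parts.fragment:
        problems.append("Host: remove the query string; the key goes in the API Key field")

    key = api_key.strip()
    if not key:
        problems.append("API Key: empty")
    elif any(c.isspace() for c in key):
        problems.append("API Key: contains whitespace, likely copy/paste damage")

    private = PRIVACY_TO_FIELD.get(privacy.strip().lower())
    if private is None:
        problems.append("Private Submissions: privacy setting must be Public or Private")

    vm = sandbox_vm.strip()
    if not vm:
        problems.append("Sandbox VM: empty")

    fields = {"Host": host, "API Key": mask_key(key),
              "Private Submissions": private, "Sandbox VM": vm}
    return fields, problems
```
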