Cisco Threat Grid offers a powerful combination of automated malware analysis and advanced threat intelligence. Threat Grid is the file analysis backend of all Cisco Advanced Threat Solutions (ATS) products, and is directly usable via a portal account in the cloud deployment or portal access to a local appliance version. What is less well known is the availability of a powerful API that offers access to most Threat Grid functions and information. This allows you, the customer, to integrate advanced analysis capabilities into existing SOC tooling and processes – with minimal development expertise required.
If you’re going to be at Cisco Live next week in Barcelona, you can register for the DevNet workshop I am leading. We will be exploring the most basic threat intelligence capabilities of the API. This 45-minute session requires a beginner-level understanding of Python or a similar scripting language, and by the end of it you will be equipped to write scripts that retrieve timely and relevant threat intelligence in formats that are ready for import into popular SOC tools.
If you’re not able to join me in Barcelona, stay tuned to this space for updates about this and similar sessions at Cisco Live 2018 in Melbourne and Orlando – or take the recently published, self-guided “Introduction to the Cisco Threat Grid API Learning Lab.”
Here are some additional links you may find helpful:
Threat Grid introduction at Cisco.com:
Threat Grid YouTube Playlist — This playlist shows several features and use cases of Cisco Threat Grid. The subjects are largely about interactive portal use, but stay tuned for more API content here as well!
Threat Grid online API documentation:
- Getting started with APIs — Basic information applicable to Threat Grid API usage in general
- Threat Grid curated feeds — Information about the curated feeds API
- Threat Grid main API — The main API, including samples feeds and IoC feeds, as well as all other main API functions not covered elsewhere
- Bulk sample submission guide — Guidance on using the API to submit samples in bulk
- Submission search API — An API for advanced searching of submission records
- Account management API — Information about using the Account Management API (AMA) to provision users and edit your organization and user accounts.