
Cisco Threat Grid offers a powerful combination of automated malware analysis and advanced threat intelligence. Threat Grid is the file analysis backend of all Cisco Advanced Threat Solutions (ATS) products, and is directly usable via a portal account in the cloud deployment or portal access to a local appliance version. What is less well known is the availability of a powerful API that offers access to most Threat Grid functions and information. This allows you, the customer, to integrate advanced analysis capabilities into existing SOC tooling and processes – with minimal development expertise required.

If you’re going to be at Cisco Live next week in Barcelona, you can register for the DevNet workshop I am leading. We will be exploring the most basic threat intelligence capabilities of the API. This 45-minute session requires a beginner-level understanding of Python or a similar scripting language, and by the end of it you will be equipped to write scripts that retrieve timely and relevant threat intelligence in formats that are ready for importation into popular SOC tools.

If you’re not able to join me in Barcelona, stay tuned to this space for updates about this and similar sessions at Cisco Live 2018 in Melbourne and Orlando – or take the recently published, self-guided “Introduction to the Cisco Threat Grid API Learning Lab.”

Here are some additional links you may find helpful:

Threat Grid introduction at Cisco.com:
Threat Grid YouTube Playlist — This playlist shows several features and use cases of Cisco Threat Grid. The subjects are largely about interactive portal use, but stay tuned for more API content here as well!

Threat Grid online API documentation: