We wanted to integrate our IBM soar with Cisco Threat Grid

TsadikuBahiru78025 · ‎12-28-2023

We wanted to integrate our IBM SOAR with Cisco Threat Grid and it requested for an API key. From where we can get the key and also does we need license to integrate with Cisco Threat Grid?

TsadikuBahiru78025 · ‎12-28-2023

Ruben Cocheno · ‎12-28-2023

@TsadikuBahiru78025

Note that you might need to import the certificates from TGA into the IBM SOAR platform, and documentation around TGA is not that much outside of the current Admin guide here https://www.cisco.com/c/en/us/td/docs/security/threat_grid/admin-guide/v2-17/b_threat-grid-admin-guide.html

Steps to integrate with the API:

Log in to the Opadmin (Admin) interface of the Malware Analytics Appliance.

Navigate to Configuration > Integrations.

Configure the TGA with the API Access Tokens.

Once configured click Save and then click reconfigure.

Use RASH to the customer appliance to perform
systemctl --no-block restart tg-supervisor

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

TsadikuBahiru78025 · ‎12-28-2023

@Ruben Cocheno thank you for the response. Normally we don't have a Cisco Threat Grid appliance, we were just trying to integrate with the Cisco Talos site Threat Grid. There are free threat intelligence sites. I was also wondering if this Cisco Threat Intelligence is free online.

TsadikuBahiru78025 · ‎12-28-2023

Guys I was asked by the security team to confirm them. Normally we have a cisco asa firewall with an IPS license and a cisco web security appliance. but I don't if these licenses are enough to integreate with cisco talos. Please help me understand the issue.