Figure 11-12 Threat Grid Solution Architecture
On the left side of Figure 11-12 is the Cisco portfolio, and
on the right are the non-Cisco or integration partners.
The numbers in the figure correspond with the following
details:
1. The solution can be integrated across the Cisco security portfolio,
including AMP for Endpoints, AMP for Networks, ASA with
Firepower, ESA, WSA, and Meraki.
2. Threat Grid can be deployed as either a cloud-based
software-as-a-service product or an on-premises appliance.
3. A subscription to Threat Grid provides threat intelligence through
the API.
4. Threat intelligence is automatically delivered to
security-monitoring platforms.
5. Third-party integrations automatically submit samples and
consume threat intelligence.
6. Context-rich analysis empowers junior analysts to make more
accurate decisions more quickly.
Threat Grid APIs
The Threat Grid APIs offer a broad range of
functionality, including user and organization account
management, samples (file/malware/signature
management), sample analysis data collection, and
threat intelligence harvesting. The Cisco DevNet site
https://developer.cisco.com/threat-grid/ provides
details, API documentation, and a lot of other
information. You can sign up for a free trial account at
https://www.cisco.com/c/en/us/products/security/promotions-free-trials.html#~trials.
Once you have access, you can download all the APIs.