Learn
https://learninglabs.cisco.com/labs/tags/threatGrid/page/1
Docs
https://panacea.threatgrid.com/mask/doc/mask/index
Community
https://community.cisco.com/t5/other-security/bd-p/j-disc-dev-security
Secure Malware Analytics
Secure Malware Analytics was formerly known as Threat Grid. Its REST APIs allow users to submit samples for analysis as part of an investigation or research. The indicators and data from the analysis are indexed and searchable, making them easy to use for triage, hunting, or threat intelligence. Analysts can query the data to find, for example, additional pieces of infrastructure that an attacker is using in a campaign, methods of persistence a family of malware uses, host or network indicators that follow similar naming conventions, or host indicators that families of malware leave behind.
Read the docs
https://ciscosecurity-tg-00-integration-workflows.readthedocs-hosted.com/en/latest/
What can you do with Secure Malware Analytics APIs?
Sample Analysis
Submit files for analysis
Parse results for indicators
Take action in the environment
Context and Enrichment
Associate indicators with a malware family
Link a payload delivery to a Word Doc
Correlate host and network indicators
Threat Hunting
Find naming patterns in files or domains
Map out infrastructure used in a campaign
Collect command line arguments used by malware
Get started with the Learning Labs
-
https://learninglabs.cisco.com/lab/Cisco%20threatGrid-101/step/1
Introduction to Cisco Threat Grid Platform
The purpose of this learning lab is to understand the basics of the Cisco Threat Grid platform.
-
https://learninglabs.cisco.com/lab/Introduction%20to%20the%20Cisco%20Threat%20Grid%20API/step/1
Introduction to the Threat Grid API
The purpose of this learning lab is to understand the basics of the Cisco Threat Grid API and how to easily operationalize the threat intelligence it makes available.
Find sample code and scripts
View more sample code
https://github.com/search?q=topic%3Athreat-grid+org%3ACiscoSecurity
-
Threat Grid Basics
https://github.com/CiscoSecurity/tg-01-basics
Cisco
Scripts that cover the basics of interacting with the Threat Grid API
Python
-
Working with Tags
https://github.com/CiscoSecurity/tg-01-tags
Cisco
Scripts to leverage tagging capabilities of Threat Grid
Python
-
Bulk Submit
https://github.com/CiscoSecurity/tg-04-bulk-submit
Cisco
Easily submit files in bulk to Threat Grid via the API
Python
-
Sample Collection
https://github.com/CiscoSecurity/tg-04-continuous-sample-collection
Cisco
Example of continuously collecting Sample IDs for an organization's submitted samples
Python
-
Rate Limit Check
https://github.com/CiscoSecurity/tg-04-rate-limit-check
Cisco
Check the user and organization API rate limits for a given API Key
Python
-
Indicator to IPs and Domains
https://github.com/CiscoSecurity/tg-04-indicator-to-ips-domains
Cisco
Query for one or more indicators and get a list of public IPs and domains
Python
Questions? We are here to help.
Bring your questions to the Cisco Security Developer community! Engage, collaborate and share with your fellow experts in the developer forum.
Go to the forum
https://community.cisco.com/t5/other-security/bd-p/j-disc-dev-security