Connect to an On-Premises Dynamic Analysis Appliance

If you install an on-premises Secure Malware Analytics Appliance on your network, you can configure a dynamic analysis connection to submit files and retrieve reports from the appliance. When configuring the on-premises appliance dynamic analysis connection, you register the Secure Firewall Management Center to the on-premises appliance.

Before you begin

Set up your on-premises Secure Malware Analytics Appliance.

Documentation for this appliance is available from https://www.cisco.com/c/en/us/support/security/amp-threat-grid-appliances/tsd-products-support-series-home.html.

For version requirements, see the Cisco Firepower Compatibility Guide.
If your Secure Malware Analytics Appliance uses a self-signed public-key certificate, download the certificate from the Secure Malware Analytics Appliance; see the Administrator's Guide for your Secure Malware Analytics Appliance for information.

If you use a certificate signed by a Certificate Authority (CA), the certificate must meet the following requirements:
- The server key and signed certificate must be installed on the Secure Malware Analytics Appliance. Follow the upload instructions in the Administrator's Guide for your Secure Malware Analytics Appliance.
- If there is a multi-level signing chain of CAs, all required intermediate certificates and the root certificate must be contained in a single file that will be uploaded to the management center.
- All certificates must be PEM-encoded.
- The file's newlines must be UNIX, not DOS.
Managed devices must have direct or proxied access to the Secure Malware Analytics Appliance on port 443.

Procedure

Step 1	Choose Integration > AMP > Dynamic Analysis Connections.
Step 2	Click Add New Connection.
Step 3	Enter a Name.
Step 4	Enter a Host.
Step 5	Next to Certificate Upload, click Browse to upload the certificate for the on-premises appliance. If the Secure Malware Analytics Appliance will present a self-signed certificate, upload the certificate you downloaded from that appliance. If the Secure Malware Analytics Appliance will present a CA-signed certificate, upload the file containing the certificate signing chain.
Step 6	If you want to use a configured proxy to establish the connection, check the check box of Use Proxy When Available.
Step 7	Click Register.
Step 8	Click Yes to display the on-premises Secure Malware Analytics Appliance login page.
Step 9	Enter your username and password to the on-premises Secure Malware Analytics Appliance.
Step 10	Click Sign in.
Step 11	You have the following options: If you previously registered the Secure Firewall Management Center to the on-premises appliance, click Return. If you did not register the Secure Firewall Management Center, click Activate.