FireAMP Private Cloud Administration Portal User Guide Version 2.0.2

Page 1: Administration Portal User Guideimmunet-janus-helpdoc.s3.amazonaws.com/FireAMPPrivateCloudUserGuide.pdfVersion 2.0.2 Sourcefire FireAMP Private Cloud 5 Configuration Device Summary

FireAMP Private Cloud Administration Portal User Guide

Version 2.0.2

Legal Notices

Cisco, the Cisco logo, Sourcefire, the Sourcefire logo, Snort, the Snort and Pig logo, and certain other trademarks and logos are trademarks or registered trademarks of Cisco and/or its affiliates in the United States and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company.

The legal notices, disclaimers, terms of use, and other information contained herein (the "terms") apply only to the information discussed in this documentation (the "Documentation") and your use of it. These terms do not apply to or govern the use of websites controlled by Cisco or its subsidiaries (collectively, "Cisco") or any Sourcefire-provided or Cisco-provided products. Sourcefire and Cisco products are available for purchase and subject to a separate license agreement and/or terms of use containing very different terms and conditions.

The copyright in the Documentation is owned by Cisco and is protected by copyright and other intellectual property laws of the United States and other countries. You may use, print out, save on a retrieval system, and otherwise copy and distribute the Documentation solely for non-commercial use, provided that you (i) do not modify the Documentation in any way and (ii) always include Cisco’s copyright, trademark, and other proprietary notices, as well as a link to, or print out of, the full contents of this page and its terms.

No part of the Documentation may be used in a compilation or otherwise incorporated into another work or with or into any other documentation or user manuals, or be used to create derivative works, without the express prior written permission of Cisco. Cisco reserves the right to change the terms at any time, and your continued use of the Documentation shall be deemed an acceptance of those terms.

© 2004 - 2013 Cisco and/or its affiliates. All rights reserved.

Disclaimers

THE DOCUMENTATION AND ANY INFORMATION AVAILABLE FROM IT MAY INCLUDE INACCURACIES OR TYPOGRAPHICAL ERRORS. CISCO MAY CHANGE THE DOCUMENTATION FROM TIME TO TIME. CISCO MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE ACCURACY OR SUITABILITY OF ANY CISCO-CONTROLLED WEBSITE, THE DOCUMENTATION AND/OR ANY PRODUCT INFORMATION. CISCO-CONTROLLED WEBSITES, THE DOCUMENTATION AND ALL PRODUCT INFORMATION ARE PROVIDED "AS IS" AND CISCO DISCLAIMS ANY AND ALL EXPRESS AND IMPLIED WARRANTIES, INCLUDING BUT NOT LIMITED TO WARRANTIES OF TITLE AND THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL CISCO BE LIABLE TO YOU FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF DATA, LOSS OF PROFITS, AND/OR BUSINESS INTERRUPTIONS), ARISING OUT OF OR IN ANY WAY RELATED TO CISCO-CONTROLLED WEBSITES OR THE DOCUMENTATION, NO MATTER HOW CAUSED AND/OR WHETHER BASED ON CONTRACT, STRICT LIABILITY, NEGLIGENCE OR OTHER TORTUOUS ACTIVITY, OR ANY OTHER THEORY OF LIABILITY, EVEN IF CISCO IS ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES/JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATIONS MAY NOT APPLY TO YOU.

2015-Sep-30 13:31

Chapter 1: Configuration
  Cloud Server
  Device Summary
  Network
  Proxy
  Notifications
  License
  Email
  Change Password
  Scheduled Backups
  SSL
  SSH
  Syslog
  Date and Time
  Updates

Chapter 2: Operations
  Backups
  Storage Containers
  Maintenance Mode
  Apply Configuration
  Registration
  Update Device
    Cloud Proxy Mode
    Air Gap Mode

Chapter 3: Status
  About
  Metrics
    Key
    Cloud Server
    Disk Performance
    Disk Usage
    System
  Notifications

Chapter 4: Support
  Live Support Session
  Support Snapshots
  Link to Defense Center
    Self-signed Certificate
  Supporting Documents

Appendix A: Command Line Tools
  AMP-CTL Commands
    backup
    chef
    check
    config-updates
    maintenance
    ntpdate
    power
    reboot
    register
    service
    shutdown
    update
    update-check
    update-check-content
    update-content
  AMP-Storage-Container Commands
    create
    destroy
    disks
    grow
    health
    list
    rescan

Appendix B: amp-sync
  System requirements
    CentOS
    Windows 7 x86
    Windows 7 x64
  amp-sync commands
    all
    fetch
    package
    verify

Appendix C: Subscription Agreement

CHAPTER 1: CONFIGURATION

This section describes all the configuration options for the FireAMP Private Cloud device.

Cloud Server

(Cloud proxy mode only) Cloud Server settings allow you to establish communications between your FireAMP Private Cloud device and Sourcefire cloud servers or another Private Cloud device.

Cloud Server Configuration is used to specify the server your Private Cloud device will send requests to. You can specify North America, Europe, or a custom upstream server by selecting the appropriate entry in the Server pulldown.

IMPORTANT! A Custom Upstream Server must be another FireAMP Private Cloud device.

If you choose to use a custom upstream server, you must enter its address or name in the Server Address field. If you choose one of the Sourcefire servers, the address will be populated automatically.

The Server Public Key field contains the public key of the upstream server. If you are using a custom upstream server you must upload its public key here. The public keys of the Sourcefire servers will be populated automatically.

Upstream Protocol allows you to specify whether to use TCP port 443 or 32137 to communicate with the upstream server. Using TCP 443 will result in slower file lookups because of the additional overhead involved with SSL traffic.

If you choose TCP 443 as your Upstream Protocol, you can choose to set SSL Mode to Secure or Insecure. Secure Mode will validate the certificate of the Upstream Server while Insecure Mode will not perform any certificate validation.

The Cloud Server Identity is displayed in case it is requested by a support engineer. The Client Identity is unique to each Private Cloud device.

Server Keys are displayed here in case they are requested by support. If you are setting this device up as a custom upstream server, you will need to download the public key so that you can upload it to the Server Public Key field under Upstream Server on any downstream Private Cloud devices.

Device Summary

The Device Summary shows your current configuration settings. The installation type, initial FireAMP Console account information, storage configuration, and recovery status are displayed. Some of these settings cannot be changed after the device has been configured and are only displayed for informational purposes.

Network

The Network page allows you to change the configuration of your device interface and link a Sourcefire Defense Center to your Private Cloud device.

Interface Configuration changes the IP address assignment of eth1. Your FireAMP Console and Cloud Server services are running on this interface.

WARNING! If you change the IP address of the interface you must also update the DNS records for your FireAMP Console and Cloud Server to point to the new address.

FireAMP Console is the DNS name where the FireAMP administrator can access the FireAMP Console and where FireAMP Connectors receive new policies and updates.

Cloud Server is the DNS name where the FireAMP Connectors send and retrieve cloud lookup information.

WARNING! Existing FireAMP Connectors will expect services to be available at the original DNS names assigned to the Cloud Server and FireAMP Console. If you change the DNS names of these services you must continue to make the old DNS names available until all of your FireAMP Connectors have obtained an updated policy.

Defense Center Link lets you link a Sourcefire Defense Center device to your Private Cloud device. This allows you to display FireAMP data in your Defense Center dashboard. For more information on Defense Center integration with FireAMP see your Defense Center documentation.

Proxy

If there is a proxy between your FireAMP Private Cloud device and the upstream server, you must specify the settings on this page. Only HTTP proxies are supported.

Hostname is the name or IP address of the proxy.

Port is the port number the proxy listens on.

Authentication can be None or Basic. If you select Basic you must also provide the Username and Password for proxy authentication.

Notifications

Notifications are alerts and informational messages about your FireAMP Private Cloud device. These include audit, recovery, health, and system events. You can enter one or more email addresses to receive the notifications along with the notification frequency.

Enter the email addresses of the individuals or distribution groups to receive these alerts in the Notification Recipients field. Multiple email address entries must be separated by a comma.

Critical Notification Frequency lets you set how often critical device notifications are sent. Critical notifications can be set with a different frequency since these events usually require immediate attention and have an impact on the functionality of your FireAMP Private Cloud device, the FireAMP Console, and FireAMP Connectors.

IMPORTANT! It is highly recommended that the Critical Notification Frequency be set to 5 minutes as these alerts will require immediate attention to continue uninterrupted service.

Notification Frequency lets you set how often all other notifications are sent. Since these notifications are not critical a longer interval can safely be used.

Once you configure notifications you can click the Send a Test Notification button to verify your settings.

License

The license page allows you to view information about your current FireAMP Private Cloud license and install a new license. On this page you will find your Device ID, the Licensee and Business that the license is assigned to, the Validity dates of the license, and the Product SKU and number of Seats.

To install a new license click Choose File and select your license file. Enter the accompanying Passphrase for the license and click Upload.

Email

The Email configuration page allows you to choose how your device will send email notifications. This includes device notifications and subscription email from the FireAMP console.

You can set the SMTP configuration to have the device send email messages directly, or you can configure the device to route all email through an upstream relay.

If you choose to use an upstream relay you will have to enter the upstream host and port number. If the upstream relay uses SASL authentication you will also have to provide a username and password. Once your SMTP server settings are complete you will need to reconfigure the device then go to Configuration > Notifications to send a test notification to verify email delivery.

Change Password

The change password screen allows you to change the password required to access the FireAMP Private Cloud Administration Portal and the device console. This is effectively the root password for your FireAMP Private Cloud device.

WARNING! The device console does not support non-keyboard characters. If you set a password using these characters you will not be able to authenticate to the device console.

Scheduled Backups

The scheduled backups page displays your current automated backup schedule and retention policy. Backup files contain your FireAMP Private Cloud databases and are saved in /data/backups as tgz files. This represents the date and time the backup file was created.

SSL

The SSL page allows you to replace the default certificates for the Administration Portal, Cloud Proxy, and FireAMP Console network interfaces. DSA, RSA and Elliptic Curve certificates are supported.

WARNING! Installing a certificate that cannot be validated by your FireAMP Connectors will cause the Connectors to become orphaned from the FireAMP Console.

SSH

The SSH screen allows you to add public keys to the device to allow remote shell access to the Administration Portal. SSH keys also give the user remote root authentication to the device. Only trusted users should be granted access.
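
Because every key added on this screen grants remote root authentication, it helps to review keys before uploading them. The following is an added example, not part of the original guide or of the product: it parses OpenSSH public key lines, computes the SHA256 fingerprint in the form that ssh-keygen -lf prints, and flags weak or unattributed keys. The 2048-bit threshold, the function names and the sample keys are assumptions made for illustration.

```python
import base64
import hashlib
import struct

# Policy thresholds chosen for this example (assumptions, not from the guide).
MIN_RSA_BITS = 2048
WEAK_TYPES = {"ssh-dss"}  # DSA keys are deprecated in current OpenSSH


def _read_string(blob, offset):
    """Read one length-prefixed field (RFC 4251 'string') from a key blob."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def review_public_key(line):
    """Parse one '<type> <base64> [comment]' line and return a review record."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    declared_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(b64, validate=True)

    # The key type is repeated inside the blob; the two must agree.
    inner_type, offset = _read_string(blob, 0)
    inner_type = inner_type.decode("ascii", "replace")
    findings = []
    if inner_type != declared_type:
        findings.append("declared type does not match key blob")

    bits = None
    if inner_type == "ssh-rsa":
        _exponent, offset = _read_string(blob, offset)
        modulus, offset = _read_string(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
        if bits < MIN_RSA_BITS:
            findings.append("RSA modulus is %d bits, below %d" % (bits, MIN_RSA_BITS))
    elif inner_type in WEAK_TYPES:
        findings.append("%s keys are considered weak" % inner_type)
    if not comment:
        findings.append("no comment: key owner cannot be identified")

    # Same fingerprint format as OpenSSH: unpadded base64 of SHA-256(blob).
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"type": inner_type, "bits": bits, "comment": comment,
            "fingerprint": fingerprint, "findings": findings}


def review_keys(lines):
    """Review every non-empty, non-comment line of an authorized_keys-style list."""
    return [review_public_key(l) for l in lines
            if l.strip() and not l.lstrip().startswith("#")]


def _field(data):
    return struct.pack(">I", len(data)) + data


def _make_line(key_type, parts, comment=""):
    blob = _field(key_type.encode()) + b"".join(_field(p) for p in parts)
    return ("%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)).strip()


# Constructed sample keys: the byte patterns are placeholders, not real keys.
SAMPLE_KEYS = [
    _make_line("ssh-ed25519", [bytes(range(32))], "alice@admin-workstation"),
    _make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc3" * 128], "legacy-backup-job"),
    _make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc3" * 256]),
]

if __name__ == "__main__":
    for record in review_keys(SAMPLE_KEYS):
        status = "; ".join(record["findings"]) or "ok"
        print(record["fingerprint"], record["type"], record["bits"], status)
```

Recording the fingerprints of approved keys gives you a reference list to compare against when auditing which keys are installed on the device.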

Syslog

You can configure your Private Cloud device to send log events and FireAMP notifications to a remote syslog server. Enter the hostname of the syslog server and select TCP or UDP to enable this feature. You can specify a port by appending a colon and port number to the hostname. If you don’t supply a port number, TCP port 514 will be used by default. Leaving the hostname field blank will disable the syslog feature.

Date and Time

This page allows you to synchronize your current time and specify Network Time Protocol (NTP) servers for your device to synchronize with. Setting the correct date and time on your device is important as time skew can cause problems with your FireAMP deployment.

Click Synchronize with Browser to synchronize the date and time on your device with the computer you are configuring the device from.

Enter one or more NTP servers to synchronize with. These NTP servers can be internal or external, as long as the device can access them on UDP port 123. You can run amp-ctl ntpdate from the device console command line interface to force an immediate synchronization between your device and the configured NTP servers.

Updates

The Updates page is used to configure Device Updates and Content Updates. Device Updates include new and updated operating system binaries to add functionality, improve performance, and patch bugs. Content Updates include new TETRA and Mac definitions, SPERO trees, and IP white and black lists.

Device Update Frequency can be set to Daily, Weekly, or Never. The Action taken can be to Notify that a new update is available or to Download the update. You can also select the Hour of the day that you want the update check to occur.

Content Update Frequency can be set to Hourly, Daily, Weekly, or Never. The Action taken can be to Download the update, Notify that an update is available, or Apply/Install the update. You can also select the Hour of the day that you want the update check to occur unless you select a Frequency of Hourly.

WARNING! Setting a large interval between content updates could result in heavy network traffic when an update is downloaded. If you set a large interval between updates make sure to schedule the update at a time when network demand will be low for an extended period such as during the night or on a weekend.

CHAPTER 2: OPERATIONS

This section describes the operational aspects of maintaining the FireAMP Private Cloud device.

Backups

The Backups page allows you to perform manual backups of your device and download previous backups. Older backups or backups you have already moved off site can also be deleted to free disk space on your device.

Click the Perform Backup button to start an immediate backup of your databases. This is useful before updating the device software or performing other maintenance tasks like adding additional storage.

WARNING! Backups include sensitive information like passwords and cryptographic key material so they should always be stored in secure locations with limited access.

Storage Containers

The Storage Containers page is used to allocate additional space to your existing storage containers. Before you can allocate additional space you will have to add a storage device to your virtual machine. See your virtual machine management software documentation for more information.

IMPORTANT! After adding a new storage device you may need to reboot your Private Cloud device or run amp-storage-container rescan from the device console before it is available.

When a storage device is available you will see an entry for it under Available Storage Devices.

You can then click the Grow button next to the data or root storage containers to grow them.

WARNING! To grow a storage container your device will be put into Maintenance Mode. While the device is in Maintenance Mode most external connectivity to the device will be disrupted.

Once you select which existing storage container you want to grow you can choose to add any available devices to the container then click Grow Storage Container.

Once you have added the additional devices to your storage container they will be listed under that storage container.

Maintenance Mode

Maintenance Mode stops all external services on your FireAMP Private Cloud device. It should only be used when adding additional storage to the device, updating the device, or when instructed by support during extended troubleshooting.

WARNING! While the device is in Maintenance Mode your FireAMP Connectors will not be able to perform cloud lookups. Only put the device into Maintenance Mode when required and take it out of Maintenance Mode immediately after.

Apply Configuration

Your device must be reconfigured after changing certain settings. Usually a notification that the device requires reconfiguration will be displayed after you change one of these settings. If you want to change multiple settings at once you can change each one then navigate to this page to reconfigure the device.

Registration

(Cloud proxy mode only) Registration allows you to verify connectivity between your device and Sourcefire cloud servers. If you change proxy or firewall configuration settings you can verify connectivity through this page. If you are experiencing a 100% cloud query failure rate you can also re-register to see if this corrects the problem.

Update Device

The Update Device page allows you to update the definitions for your FireAMP Connectors, DFC lists, SPERO trees, and the Private Cloud device software. In cloud proxy mode you simply need an Internet connection from your device to Cisco servers, while in air gap mode you will have to use amp-sync to create an ISO file and mount it in your virtual machine.

Cloud Proxy Mode

You can check for content updates for your FireAMP Connectors outside of your scheduled Updates or if you have chosen not to have your device check for updates automatically. Content updates include TETRA and Mac definitions, SPERO trees, and IP white and black lists. Click Check / Download Updates to check for new updates and download them to your device. Click Update Content once the download has completed to apply the update. You can also view the update details by clicking on the information link.

WARNING! If you have not downloaded new device content for a long period of time make sure to initiate the update at a time when network demand will be low for an extended period such as during the night or on a weekend as the size of the update could be significant.

You can also check for updates to your FireAMP Private Cloud device outside of your scheduled Updates or if you have chosen not to have your device check for updates automatically. Click Check / Download Updates to check for new updates and download them to your device. Click Update Software once the download has completed. Your device will automatically be put into Maintenance Mode before running the update. You can also view the update details by clicking on the information link.

IMPORTANT! Always perform a backup and take a snapshot of your device before running an update.

Air Gap Mode

Use this page to mount the ISO created using amp-sync so that you can update your device. The ISO can contain software updates for your Private Cloud device and FireAMP Console as well as updates to the protect DB. The protect DB is a database containing file dispositions - files are classified by SHA-256 value as being clean or malicious. If you do not install a protect DB all files will be classified as having an unknown disposition.

Attach your ISO file to the device through your virtual machine software, then click Check Update ISO. The first time you go to the Updates / Protect DB page and mount an ISO with a protect DB, click Import protect DB to load a protect database on your device.

If you already have a protect DB installed you can click the Update Software button to install software updates or click the Update Content button to install incremental updates to your protect DB. Importing a protect DB and updating the device software will automatically put the device into Maintenance Mode.

WARNING! Do not unmount your ISO during an update as this can put your device into an unusable state. Detaching your ISO from the virtual machine without unmounting it first can cause your device to stop responding.

CHAPTER 3 STATUS

The items in the Status menu of your device give you information on software versions, various metrics, and the device event log.

About

The About page lists the version of your FireAMP Private Cloud device and version numbers of all associated packages. This information can be useful when troubleshooting issues with a support engineer.

Metrics

Metrics include various operating statistics of your device, including the status of your cloud proxy, disk usage and performance, and system performance. Graphs in the granular metric views show the current trend by default but can also be expanded to the last hour, day, week, or month.

Key

Key metrics provide a representation of your current general device status at a glance. Click Details below each metric for a more detailed view of the particular metric. Metrics displayed in green are within normal operating parameters, while those in yellow or red require attention. Metrics displayed in yellow will require attention, but the device is still functional, while those in red require immediate attention as the device may be in a state that severely impacts its performance.

Cloud Server

(Cloud proxy mode only) The FireAMP Private Cloud device functions as a proxy for cloud queries between your Connectors and the Sourcefire cloud or an upstream Private Cloud device. Cloud Server metrics describe communications between your device and the upstream destination.

Cloud Query Failure Rate displays the percentage of cloud queries that have failed.

Cloud Query Latency shows the latency in milliseconds for both upstream and downstream communication between your device and the Sourcefire cloud. High latency rates may indicate that your network link is running at or near capacity.

Cloud Query Rate shows the number of queries per second your device is handling.

Disk Performance

Disk performance represents the seek time for disk reads and writes.

Disk latency : sda represents the latency for your first storage device, the boot partition by default.

Disk latency : sdb represents the latency for your second storage device, the root partition by default.

Disk latency : sdc represents the latency for your third storage device, the data partition by default.

If you have attached any other storage devices to your Private Cloud device they will each be listed here in a separate graph as sdc, sdd, sde, and so on.

Disk Usage

Disk Usage metrics indicate the percentage of used drive space and inodes. High disk usage percentage can be resolved by adding additional storage to your virtual machine and allocating it to the appropriate partition.

Disk Usage: / shows the disk usage of your root partition. This partition contains the operating system and software packages.

Disk Usage: /boot shows the disk usage of your boot partition. This partition contains the boot loader for your device.

Disk Usage: /data shows the data usage of your data partition. This partition contains all the databases used by your device.

System

System metrics show the CPU and RAM usage on the device. While it is normal for these metrics to show spikes due to periods of high demand, sustained levels in yellow or red may indicate that the device requires more CPU cores or additional RAM allocated to the virtual machine.

CPU Usage shows the percentage of cycles the device is consuming. Both kernel and total cycles are displayed.

Memory Usage shows the percentage of RAM in use. Memory usage with and without caching are displayed.

Notifications

The Notifications page shows various events on your FireAMP Private Cloud device. Event categories include Audit, Recovery, Health, and System. Click the category buttons at the top of the page to filter on these types.

Audit events are related to logins and password changes.

Recovery events include scheduled backups and pruning of stale backup files defined by your backup retention setting.

Health events cover the device health such as disk space and latency, cloud connectivity, and CPU and memory usage.

System events are all actions that occur on a system level such as updates, configuration changes, and when the device enters and leaves maintenance mode.

Events are also divided into four severity levels.

Notice events are normal operating events that are logged.

Warning events can affect device performance and connectivity but are within operating parameters, such as entering maintenance mode.

Error events affect device operations and require attention and intervention. The device may continue to operate after an error event but performance and connectivity may be impacted.

Critical events require immediate intervention to resume proper operations. Essential device operations will be impacted and continue to be impacted until corrected.

CHAPTER 4 SUPPORT

This section describes how to start live support sessions and take support snapshots.

Live Support Session

Live Support Sessions allow a support engineer to connect to your FireAMP Private Cloud device remotely to assist in diagnosing and repairing problems. To maintain security and privacy, support sessions use unique, per-session authentication keys that expire after the session is terminated.

Before starting a support session or submitting a support snapshot, you must send your support identity. The support identity is unique to your device and only needs to be sent once. The first time you open a ticket with support that requires a support session or snapshot, the support engineer will request your identity.

Support Snapshots

A support snapshot contains log files and system information to assist with the diagnosis of problems with your FireAMP Private Cloud device. To create a support snapshot, click the Create Snapshot button then select the information to include as directed by support. Click Go to generate the snapshot. You can click the Details button to see the commands being executed and any errors.

Once the snapshot has been generated, you can download it and attach it to your support case. After you have submitted the snapshot you can view the submission details or delete the snapshot.

Link to Defense Center

This page allows you to connect a Defense Center to your FireAMP Private Cloud device. If you have not set up a Defense Center Link you will be prompted to do so. Follow the instructions on the page to link your Defense Center to your FireAMP Private Cloud device. You will need access to both the Defense Center console and the FireAMP Console to complete the link.

Self-signed Certificate

If you are using self-signed certificates, you must follow extra steps in order for your Defense Center to trust your Private Cloud device.

1. On your Private Cloud device navigate to Configuration > SSL.

Click the Replace button for each of the certificates and upload the .crt and .key that were generated.

2. Once all certs have been uploaded, click the Reconfigure Now button that shows up in a warning near the top of the screen (hover mouse over the warning to see the button).

It is not necessary to download the certs from the link at Support > Link to Defense Center.

3. On your desktop, create a file with a .crt extension like ca-combined.crt.

The file should contain the .crt that was uploaded in step 1 for Defense Center Link as well as each CA that was used in the signing chain for that certificate. Be sure to order the .crts so that each parent is after the child so that the root CA will be at the bottom of the file. Each .crt being added to the file should be in PEM format.

4. Install each CA .crt that you are adding to the file into your web browser’s trusted certificate authorities if they are not already installed.

It is recommended that the file be generated on a Unix system so that it contains Unix newlines, not DOS newlines. If the file was generated on a Windows system, the Unix command-line utility dos2unix can convert the file to Unix format.

5. Configure the FireAMP Private Cloud connection in the DC UI.

Navigate to AMP > AMP Management. Delete any existing Private Cloud device configurations. Click Create FireAMP Connection. Select Private Cloud and then fill in the name and host fields. For the Host field, be sure to enter the hostname that corresponds to the FireAMP Console hostname in the FireAMP Private Cloud Administration Portal page. For the Certificate Upload Path, click Browse and upload the file from step 3 from your desktop.


6. Click Register then click OK for the redirect prompt.

The DC should establish the FireAMP Connection in the back end then redirect the browser to the host that was entered into the connection configuration dialog box.

At this point, if the CAs from the file in step 3 are not installed in your browser, you will get a browser certificate validation failure. If this happens, install each of the CAs individually in your browser’s certificate authorities and re-attempt configuration in the DC UI. If there are any problems with your certificates, such as the CN not matching the hostname or duplicate data in the CAs, your browser will probably report the error and fail to connect. Correct this by regenerating your CAs and certificate so that the error is no longer reported, then start over at step 1. It may be necessary to delete any failed registrations from the FireAMP Console at Accounts > Applications by clicking the Deregister button next to the hostname/IP of the DC that failed registration. It may be necessary to attempt registration more than once. Assuming the browser redirect is successful, complete the registration by clicking the Allow button in the Cloud server UI.
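The file rules from step 3 (PEM blocks, each parent after its child, root CA at the bottom, Unix newlines) and the duplicate-data problem mentioned above can be checked before the file is uploaded. The Python 3 script below is an added example, not part of the Cisco documentation or tooling; its function names and the sample certificates (unsigned skeletons built inline) are constructed for illustration, and names are compared byte-for-byte.

```python
"""Pre-upload check for a ca-combined.crt style bundle (added example, stdlib only).

Names are compared byte-for-byte, a simplification of RFC 5280 name matching.
Signatures, validity dates and the CN/hostname match are not checked.
"""
import base64
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def _read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits = count of length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, pos, pos + length


def issuer_and_subject(der):
    """Return the raw DER encodings of the issuer and subject names."""
    _, start, _ = _read_tlv(der, 0)         # Certificate SEQUENCE
    _, pos, end = _read_tlv(der, start)     # tbsCertificate SEQUENCE
    fields = []
    while pos < end and len(fields) < 5:
        tag, _, value_end = _read_tlv(der, pos)
        if tag != 0xA0:                     # skip the optional [0] version field
            fields.append(der[pos:value_end])
        pos = value_end
    # fields: serial, signature algorithm, issuer, validity, subject
    return fields[2], fields[4]


def check_bundle(data):
    """Return a list of problems found in the bundle bytes (empty list = OK)."""
    problems = []
    if b"\r" in data:
        problems.append("DOS newlines present; convert the file with dos2unix")
    try:
        ders = [base64.b64decode(body) for body in PEM_RE.findall(data)]
        names = [issuer_and_subject(der) for der in ders]
    except (IndexError, ValueError):
        return problems + ["a block is not a parseable DER certificate"]
    if not names:
        return problems + ["no PEM CERTIFICATE blocks found"]
    if len(set(ders)) != len(ders):
        problems.append("duplicate certificate in bundle")
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:  # child's issuer vs next cert's subject
            problems.append(f"certificate {i + 1} is not issued by certificate "
                            f"{i + 2}; each parent must follow its child")
    issuer, subject = names[-1]
    if issuer != subject:
        problems.append("last certificate is not self-signed; "
                        "the root CA must be at the bottom")
    return problems


def _tlv(tag, value):
    """Encode one DER element; enough for the short constructed samples below."""
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    return bytes([tag, 0x81, len(value)]) + value   # valid up to 255 bytes


def _name(cn):
    # Name holding a single commonName (OID 2.5.4.3) attribute
    attribute = _tlv(0x06, b"\x55\x04\x03") + _tlv(0x0C, cn.encode())
    return _tlv(0x30, _tlv(0x31, _tlv(0x30, attribute)))


def sample_pem(subject_cn, issuer_cn):
    """Constructed, unsigned certificate skeleton for the demo; not a usable cert."""
    tbs = _tlv(0x30, _tlv(0xA0, _tlv(0x02, b"\x02"))   # version v3
               + _tlv(0x02, b"\x01")                   # serial number
               + _tlv(0x30, b"")                       # signature algorithm placeholder
               + _name(issuer_cn)
               + _tlv(0x30, b"")                       # validity placeholder
               + _name(subject_cn))
    body = base64.encodebytes(_tlv(0x30, tbs))
    return b"-----BEGIN CERTIFICATE-----\n" + body + b"-----END CERTIFICATE-----\n"


# Constructed chain: device certificate <- intermediate CA <- root CA.
LEAF = sample_pem("fireamp.example.test", "Example Intermediate CA")
INTERMEDIATE = sample_pem("Example Intermediate CA", "Example Root CA")
ROOT = sample_pem("Example Root CA", "Example Root CA")

if __name__ == "__main__":
    good = LEAF + INTERMEDIATE + ROOT
    for label, bundle in [("child first, root last", good),
                          ("root first", ROOT + INTERMEDIATE + LEAF),
                          ("saved with DOS newlines", good.replace(b"\n", b"\r\n"))]:
        print(f"{label}: {check_bundle(bundle) or 'OK'}")
```

To check a real file, pass its bytes to check_bundle, for example the contents of ca-combined.crt opened in binary mode.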

Supporting Documents

The most up to date versions of the Sourcefire FireAMP Private Cloud documents can be found at the following links.

FireAMP Private Cloud Administration Portal User Guide

FireAMP Private Cloud Console User Guide

FireAMP Private Cloud Quick Start Guide

FireAMP Private Cloud Deployment Strategy Guide

FireAMP Private Cloud Release Notes

APPENDIX A COMMAND LINE TOOLS

The FireAMP Private Cloud device console includes several command line tools to manage your device. Go to your device console and select Console from the menu to launch the command line interface (CLI).

AMP-CTL Commands

You can get a list of commands by typing amp-ctl -h at the prompt. Type amp-ctl <command> -h to get help on a specific command. All [options] are optional, while all <options> are required.

The following sections describe the amp-ctl commands:

• backup
• chef
• check
• config-updates
• maintenance
• ntpdate
• power
• reboot
• register
• service
• shutdown
• update
• update-check
• update-check-content
• update-content

backup

Allows the user to create a backup of the device configuration and databases.

Syntax

amp-ctl backup <target-path>

where target-path is the directory where the backup will be saved. You can also save to a .tgz file by specifying a filename ending in .tgz at the end of your target path.

Example

> amp-ctl backup /tmp/backups/

chef

Chef performs configuration or reconfiguration of the device.

Syntax

amp-ctl chef [options] <operation>

where options are -f to force the operation, -v for verbose output, and -h for help. Operation can be opadmin to configure changes to the administration portal or periodic to run the periodic configuration.

Example

> amp-ctl chef opadmin

check

Check device connectivity, see if it is ready to be updated, or check for configuration problems.

Syntax

amp-ctl check [options] [operation]

where options are -v for verbose output and -h for help. Operation can be connectivity to check that the device can connect to external hosts, pre-update to check that the device is ready for an update, and sanity to check for configuration problems.

Example

> amp-ctl check connectivity

config-updates

Configure update settings for the device such as frequency, automatic downloads, and the update server to use.

Syntax

amp-ctl config-updates [options]

where options are:

-C [action] Set the automatic content update action to notify, download, or install.

-c [freq] Set the automatic content update frequency to never, 1h, 1d, or 1w.

-S [host] Set the content update server to [host].

-s [host] Set the software update server to [host].

-U [action] Set the software update action to notify or download.

-u [freq] Set the software update frequency to never, 1d, or 1w.

Example

> amp-ctl config-updates -C notify -c 1d

maintenance

Check if the device is in maintenance mode or toggle maintenance mode.

Syntax

amp-ctl maintenance [options] [command]

where option can be -h to display the help. Command can be enable to enter maintenance mode, disable to leave maintenance mode, and query to display whether the device is currently in maintenance mode.

Example

> amp-ctl maintenance enable

ntpdate

Run this command to force an immediate synchronization between your device and the specified NTP servers. You can also use this command to manually set the time and date on the device.

Syntax

amp-ctl ntpdate [options] [server]

where options can be -f to force a synchronization, -h to display the help, -s [STR] to set the time and date to [STR] in the format YYYY-MM-DD HH:MM:SS, and -v to increase the output verbosity.

Example

> amp-ctl ntpdate -s 2014-01-15 15:32:00

power

Power down or reboot your Private Cloud device. All running services will be terminated before the device shuts down.

Syntax

amp-ctl power [options] [command]

where options can be -h to display the help and command is cycle to reboot the device or off to shut the device down.

Example

> amp-ctl power off

reboot

Reboot your Private Cloud device. All running services will be terminated before the device shuts down.

Syntax

amp-ctl reboot

Example

> amp-ctl reboot

register

Use this command to register a device with the FireAMP Cloud or an upstream device.

Syntax

amp-ctl register [options]

where options can be:

-B <path> Use an alternate public key file located at <path> for the remote server.

-P <pstr> Use <pstr> for the protocol and protocol options string.

-V <path> Use an alternate private key file located at <path> for the client identity.

-b <path> Use an alternate public key file located at <path> for the client identity.

-g <guid> Use <guid> as the connector GUID.

-f Force registration even if it has already completed.

-h Display the help.

-n Generate a notification event after the command has completed.

-p <count> Send <count> cloud-PING queries to the upstream server.

-s <host> Use <host> for the upstream server.

-v Enable verbose output.

Example

> amp-ctl register -B /tmp/key/key.pub

service

This command lets you list and control the services running on the device.

Syntax

amp-ctl service [options] [command] [service]

where options can be -h to display the help or -v for verbose output. Service is the name of an individual service and command can be:

disable Stop a service and prevent it from being restarted after a reboot.

enable Start a service and ensure it restarts after a reboot.

list List the device services.

restart Restart a service.

running Check if a service is running.

start Start a service.

status Display the status of a service. If a service name is not specified it will display the status of all services.

stop Stop a service.

stop-all Stop all services.

term Terminate a service. If the service is enabled it will restart automatically.

term-all Terminate all services. Any services that are enabled will restart automatically.

Example

> amp-ctl service list

shutdown

Power off your Private Cloud device. All running services will be terminated before the device shuts down.

Syntax

amp-ctl shutdown

Example

> amp-ctl shutdown

update

Installs any available updates.

Syntax

amp-ctl update [options]

where options can be -f to force the update when the pre-update check fails, and -h to display the help.

Example

> amp-ctl update -f

update-check

Checks your configured update server for any available updates.


Syntax

amp-ctl update-check [options]

where options can be -d to download all available updates, -n to generate a notification event after the check has completed, -v to increase output verbosity, and -h to display the help.

Example

> amp-ctl update-check -d

update-check-content

Check your configured update server for any available content updates. Content updates include TETRA definitions, SPERO trees, and IP white and black lists.

Syntax

amp-ctl update-check-content [options]

where options can be -d to download all available content updates, -n to generate a notification event after the check has completed, -v to increase output verbosity, and -h to display the help.

Example

> amp-ctl update-check-content -d -v

update-content

Install available content updates downloaded using update-check-content.

Syntax

amp-ctl update-content [options]

where options can be -f to force the update when the pre-update check fails and -h to display the help.

Example

> amp-ctl update-content

AMP-Storage-Container Commands

The amp-storage-container command is used to grow the storage containers on your device or create new ones. Before you can allocate additional space you will have to add a storage device to your virtual machine. See your virtual machine management software documentation for more information.

IMPORTANT! After adding a new storage device you may need to reboot your Private Cloud device or run amp-storage-container rescan before it is available.

You can get a list of commands by typing amp-storage-container -h at the prompt. Type amp-storage-container <command> -h to get help on a specific command. All [options] are optional, while all <options> are required.

The following sections describe the amp-storage-container commands:

• create
• destroy
• disks
• grow
• health
• list
• rescan

create

Used to create a new storage container on your device.

Syntax

amp-storage-container create [options] <container> <disk> [disk] [...]

where options can be -v to enable verbose output or -h to display help. Container will be one of your storage containers and disk will be the name of the block device(s) you added to your virtual machine.

Example

> amp-storage-container create data sddf

destroy

Used to destroy an existing storage container on your device.

Syntax

amp-storage-container destroy [options] <container>

where options can be -f to force the command to run, -y to skip confirmation, or -h to display help.


Example

> amp-storage-container destroy -y backups

disks

This command displays a list of the block devices attached to your Private Cloud device that are available to grow an existing storage container or create a new one.

Syntax

amp-storage-container disks [options]

where options can be -j to return the output in JSON format, -v for verbose output, or -h to display the help.

Example

> amp-storage-container disks -v

grow

Lets you add a block device to an existing storage container to add more disk space to it.

Syntax

amp-storage-container grow [options] <container> <disk> [disk] [...]

where options can be -x to grow an XFS container, -v for verbose output, and -h to display the help. Container will be one of your storage containers and disk will be the name of the block device(s) you added to your virtual machine.

Example

> amp-storage-container grow data sddd sdde sddf

health

Checks the health of all storage containers on the device.

Syntax

amp-storage-container health [options]

where options can be -v for verbose output or -h to display the help.

Example

> amp-storage-container health -v

list

Display a list of all the storage containers that are currently configured on the device.

Syntax

amp-storage-container list [options]

where options can be -v for verbose output, -j to return the output in JSON format, or -h to display the help.

Example

> amp-storage-container list -j

rescan

Scans all available controllers for new disks. Use this command when you add a new disk to the virtual machine but it does not appear when you run the disks command.

Syntax

amp-storage-container rescan [options]

where option can be -v for verbose output.

Example

> amp-storage-container rescan -v

APPENDIX B AMP-SYNC

The FireAMP Private Cloud Sync tool allows you to download device and content updates from a remote host, then package the data into an ISO file that can be mounted on a Private Cloud device to update it in an air-gapped environment. Updates include the protect database, which contains file dispositions, and device updates. You should install amp-sync on a computer that has Internet access, sufficient drive space for updates, and a way to write the ISO to transferable media.

System requirements

To run amp-sync you must have a computer running CentOS 6.6 or higher with at least 500 GB of free disk space. To transfer ISOs to your Private Cloud device in air gap mode, the computer must have the ability to write the ISO to external media such as a USB drive.

CentOS

Installing dependencies

To run amp-sync you will first have to install EPEL, curl, genisoimage, and xmlstarlet.

1. To enable the EPEL repo.

> wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

> sudo rpm -ivh epel-release-6-8.noarch.rpm

2. Install dependencies via yum.

> sudo yum install genisoimage

> sudo yum install xmlstarlet

> sudo yum install curl

Install amp-sync

1. Download amp-sync from your Private Cloud device and transfer it to your update host. On your update host run the following command:

> chmod 700 amp-sync

2. To view the amp-sync help:

> ./amp-sync -h

3. To download all updates, verify them, and package them into an ISO:

> ./amp-sync all

IMPORTANT! You will have to run amp-sync all when you first install the Private Cloud device in air gap mode in order to receive the protect database.

Windows 7 x86

1. Download and install the x86 version of Cygwin.

2. Run setup-x86.exe and go through the installation process choosing all the defaults.

3. Choose a download mirror.

4. Select the following packages to install:

All -> Net -> curl

All -> Utils -> genisoimage

All -> Utils -> xmlstarlet


Install amp-sync

1. Download amp-sync from your Private Cloud device and transfer it to your update host in C:\cygwin\home\%username%\

2. To view the amp-sync help:

> ./amp-sync -h

3. To download all updates, verify them, and package them into an ISO:

> ./amp-sync all

IMPORTANT! You will have to run amp-sync all when you first install the Private Cloud device in air gap mode in order to receive the protect database.

Windows 7 x64

1. Download and install the x64 version of Cygwin.

2. Run setup-x86_64.exe and go through the installation process choosing all the defaults.

3. Choose a download mirror.

4. Select the following packages to install:

All -> Net -> curl

All -> Utils -> genisoimage

All -> Utils -> xmlstarlet

Install amp-sync

1. Download amp-sync from your Private Cloud device and transfer it to your update host in C:\cygwin\home\%username%\

2. To view the amp-sync help:

> ./amp-sync -h

3. To download all updates, verify them, and package them into an ISO:

> ./amp-sync all

IMPORTANT! You will have to run amp-sync all when you first install the Private Cloud device in air gap mode in order to receive the protect database.

amp-sync commands

You can get a list of commands by typing ./amp-sync -h at the prompt. Type ./amp-sync <command> -h to get help on a specific command. All [options] are optional, while all <options> are required.

The following sections describe the amp-sync commands:

• all
• fetch
• package
• verify

allFetch, verify, and package content update data from a Cisco FireAMP update server to an ISO.

Syntax

./amp-sync all [options]

Where [options] can be:

-D Delete old database deltas. Requires -M.

-M <seq> Include deltas starting at sequence number <seq>. Use this option with the lowest sequence number needed across all of your FireAMP Private Cloud devices to reduce the amount of data fetched and stored on your ISO.

-N Fetch new snapshot. A full database snapshot is fetched the first time a fetch is done. Afterwards, only deltas are retrieved. Snapshots are loaded by a FireAMP Private Cloud device only when installing or restoring from backup. Use this option to refresh the snapshot available on your update ISO before installing or restoring a device to avoid needing to apply a large amount of deltas.

-X Exclude snapshot. Use this option to reduce the size of your ISO. An ISO generated with this option can only be used to update a Private Cloud device, not to install or restore one.

-h Display this help information.

-l <rate> Limit download speed to <rate> bytes per second. Defaults to having no limit.

-o <file> Output to <file> instead of %{PRODUCT}-%{VERSION}-Updates-%{DATE}.iso.

-P <size> Split file into <size>-byte chunks. The <size> may be a number indicating the number of bytes to use, or one of the following presets:
• bluray1 - Single Layer Blu-Ray Disc (25 GB)
• bluray2 - Double Layer Blu-Ray Disc (50 GB)
• bluray3 - 3-Layer XL Blu-Ray Disc (100 GB)
• bluray4 - 4-Layer XL Blu-Ray Disc (128 GB)
• cd - CD (700 MB)
• dvd - DVD (4.7 GB)

-p <proto> Use protocol <proto> to download. Valid protocols are http and https. Defaults to https.

-s <host> Use <host> as your update server. Defaults to packages.amp.sourcefire.com.

-v Increase output verbosity.

Example

> ./amp-sync all -X

fetch

Fetch update and content update data from a Cisco FireAMP update server.

Syntax

./amp-sync fetch [options]

Where [options] can be:

-D Delete old database deltas. Must be used in combination with -M, in which case delta files earlier than the specified version will be deleted from the local system. Use this to reduce the storage space being used on your update host.

-M <seq> Fetch deltas starting at sequence number <seq>. Use this option with the lowest sequence number needed across all of your FireAMP Private Cloud devices to reduce the amount of data fetched on a new update host.

-N Fetch new snapshot. A full database snapshot is fetched the first time a fetch is done. Afterwards, only deltas are retrieved. Snapshots are loaded by a FireAMP Private Cloud device only when installing or restoring from backup. Use this option to refresh the snapshot available on your update ISO before installing or restoring a device.

-R Resume. Try downloading a previously started download again, without checking the server for new content. Use this when you're using a slow network link and are having problems completing a full download.

-h Display this help information.

-l <rate> Limit download speed to <rate> bytes per second. Defaults to having no limit.

-p <proto> Use protocol <proto> to download. Valid protocols are http and https. Defaults to https.

-s <host> Use <host> as your update server. Defaults to packages.amp.sourcefire.com.

-v Increase output verbosity.

Example

> ./amp-sync fetch -R

package

Package fetched update data into an ISO file.

Syntax

./amp-sync package [options]

Where [options] can be:

-M <seq> Package deltas starting at sequence number <seq>. Use this option with the lowest sequence number needed across all of your FireAMP Private Cloud devices to reduce the size of the generated ISO.

-X Exclude protect db snapshot. Use this option to reduce the size of your ISO. An ISO generated with this option can only be used to update a Private Cloud device, not to install or restore one.

-h Display this help information.

-o <file> Output to <file> instead of %{PRODUCT}-%{VERSION}-Updates-%{DATE}.iso.

-P <size> Split file into <size>-byte chunks. The <size> may be a number indicating the number of bytes to use, or one of the following presets:
• bluray1 - Single Layer Blu-Ray Disc (25 GB)
• bluray2 - Double Layer Blu-Ray Disc (50 GB)
• bluray3 - 3-Layer XL Blu-Ray Disc (100 GB)
• bluray4 - 4-Layer XL Blu-Ray Disc (128 GB)
• cd - CD (700 MB)
• dvd - DVD (4.7 GB)

-v Increase output verbosity.

Example

> ./amp-sync package -o newfile.iso

verify

Verify downloaded update data.

Syntax

./amp-sync verify [options]

Where [options] can be:

-e Exit early with an error on the first verification failure.

-h Display this help information.

-q Run quietly with minimal output.

-v Increase output verbosity.

Example

> ./amp-sync verify -e
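
The fetch, verify and package subcommands can be chained so that an ISO is only built from data that downloaded completely and passed verification. The wrapper below is an added example, not part of the Cisco guide: it uses only options documented in this appendix and assumes that amp-sync returns a non-zero exit status on failure (the AMP_SYNC variable, the function names and the return codes are hypothetical).

```shell
#!/bin/sh
# Added example (not from the guide): build an update-only ISO, but only from
# data that downloaded completely and passed verification.
# Assumptions: amp-sync exits non-zero on failure; AMP_SYNC, fetch_with_resume
# and build_update_iso are names made up for this sketch.

AMP_SYNC="${AMP_SYNC:-./amp-sync}"

# fetch_with_resume <max_attempts>
# The first attempt asks the server for new content. Later attempts pass -R,
# which resumes the earlier download without checking the server again.
# No -p is passed, so the documented default (https) stays in effect.
fetch_with_resume() {
    max_attempts="$1"
    attempt=1
    if "$AMP_SYNC" fetch; then
        return 0
    fi
    while [ "$attempt" -lt "$max_attempts" ]; do
        attempt=$((attempt + 1))
        echo "fetch failed, resuming (attempt $attempt of $max_attempts)" >&2
        if "$AMP_SYNC" fetch -R; then
            return 0
        fi
    done
    return 1
}

# build_update_iso <output.iso> [max_fetch_attempts]
# Return codes: 0 ISO written, 10 download incomplete, 20 verification failed,
# 30 packaging failed.
build_update_iso() {
    iso_path="$1"
    tries="${2:-3}"

    if ! fetch_with_resume "$tries"; then
        echo "download did not complete; nothing packaged" >&2
        return 10
    fi

    # -e stops at the first verification failure.
    if ! "$AMP_SYNC" verify -e; then
        echo "verification failed; refusing to package" >&2
        return 20
    fi

    # -X leaves the snapshot out: the ISO can update a device but cannot be
    # used to install or restore one.
    if ! "$AMP_SYNC" package -X -o "$iso_path"; then
        echo "packaging failed" >&2
        return 30
    fi
    return 0
}

# Usage: build_update_iso updates.iso 3
```

Drop -X from the package call when the ISO must also be usable for installing or restoring a device.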

APPENDIX C: SUBSCRIPTION AGREEMENT

End User License Agreement

FireAMP Product

IMPORTANT: PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY.

IT IS VERY IMPORTANT THAT YOU CHECK THAT YOU ARE PURCHASING CISCO SOFTWARE OR EQUIPMENT FROM AN APPROVED SOURCE AND THAT YOU, OR THE ENTITY YOU REPRESENT (COLLECTIVELY, THE “CUSTOMER”) HAVE BEEN REGISTERED AS THE END USER FOR THE PURPOSES OF THIS CISCO END USER LICENSE AGREEMENT. IF YOU ARE NOT REGISTERED AS THE END USER YOU HAVE NO LICENSE TO USE THE SOFTWARE AND THE LIMITED WARRANTY IN THIS END USER LICENSE AGREEMENT DOES NOT APPLY. ASSUMING YOU HAVE PURCHASED FROM AN APPROVED SOURCE, DOWNLOADING, INSTALLING OR USING CISCO OR CISCO-SUPPLIED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.

CISCO SYSTEMS, INC. OR ITS SUBSIDIARY LICENSING THE SOFTWARE INSTEAD OF CISCO SYSTEMS, INC. (“CISCO”) IS WILLING TO LICENSE THIS SOFTWARE TO YOU ONLY UPON THE CONDITION THAT YOU PURCHASED THE SOFTWARE FROM AN APPROVED SOURCE AND THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS END USER LICENSE AGREEMENT PLUS ANY ADDITIONAL LIMITATIONS ON THE LICENSE SET FORTH IN A SUPPLEMENTAL LICENSE AGREEMENT ACCOMPANYING THE PRODUCT OR AVAILABLE AT THE TIME OF YOUR ORDER (COLLECTIVELY THE “AGREEMENT”). TO THE EXTENT OF ANY CONFLICT BETWEEN THE TERMS OF THIS END USER LICENSE AGREEMENT AND ANY SUPPLEMENTAL LICENSE AGREEMENT, THE SUPPLEMENTAL LICENSE AGREEMENT SHALL
APPLY. BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE, YOU ARE REPRESENTING THAT YOU PURCHASED THE SOFTWARE FROM AN APPROVED SOURCE AND BINDING YOURSELF TO THE AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THE AGREEMENT, THEN CISCO IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND (A) YOU MAY NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE (INCLUDING ANY UNOPENED CD PACKAGE AND ANY WRITTEN MATERIALS) FOR A FULL REFUND, OR, IF THE SOFTWARE AND WRITTEN MATERIALS ARE SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM AN APPROVED SOURCE, AND APPLIES ONLY IF YOU ARE THE ORIGINAL AND REGISTERED END USER PURCHASER. FOR THE PURPOSES OF THIS END USER LICENSE AGREEMENT, AN "APPROVED SOURCE" MEANS (A) CISCO; OR (B) A DISTRIBUTOR OR SYSTEMS INTEGRATOR AUTHORIZED BY CISCO TO DISTRIBUTE / SELL CISCO EQUIPMENT, SOFTWARE AND SERVICES WITHIN YOUR TERRITORY TO END USERS; OR (C) A RESELLER AUTHORIZED BY ANY SUCH DISTRIBUTOR OR SYSTEMS INTEGRATOR IN ACCORDANCE WITH THE TERMS OF THE DISTRIBUTOR'S AGREEMENT WITH CISCO TO DISTRIBUTE / SELL THE CISCO EQUIPMENT, SOFTWARE AND SERVICES WITHIN YOUR TERRITORY TO END USERS.

THE FOLLOWING TERMS OF THE AGREEMENT GOVERN CUSTOMER'S USE OF THE SOFTWARE (DEFINED BELOW), EXCEPT TO THE EXTENT: (A) THERE IS A SEPARATE SIGNED CONTRACT BETWEEN CUSTOMER AND CISCO GOVERNING CUSTOMER'S USE OF THE SOFTWARE, OR (B) THE SOFTWARE INCLUDES A SEPARATE “CLICK-ACCEPT” LICENSE AGREEMENT OR THIRD PARTY LICENSE AGREEMENT AS PART OF THE INSTALLATION OR DOWNLOAD PROCESS GOVERNING CUSTOMER'S USE OF THE SOFTWARE. TO THE EXTENT OF A CONFLICT BETWEEN THE PROVISIONS OF THE FOREGOING DOCUMENTS, THE ORDER OF PRECEDENCE SHALL BE (1) THE SIGNED CONTRACT, (2) THE CLICK-ACCEPT AGREEMENT OR THIRD PARTY LICENSE AGREEMENT, AND (3) THE AGREEMENT. FOR PURPOSES OF THE AGREEMENT, “SOFTWARE” SHALL MEAN COMPUTER PROGRAMS, INCLUDING FIRMWARE AND COMPUTER PROGRAMS EMBEDDED IN CISCO EQUIPMENT, AS PROVIDED TO CUSTOMER BY AN APPROVED SOURCE, AND ANY UPGRADES, UPDATES, BUG FIXES OR MODIFIED VERSIONS THERETO (COLLECTIVELY, “UPGRADES”), ANY OF THE SAME WHICH HAS BEEN RELICENSED UNDER THE CISCO SOFTWARE TRANSFER AND RE-LICENSING POLICY (AS MAY BE AMENDED BY CISCO FROM TIME TO TIME) OR BACKUP COPIES OF ANY OF THE FOREGOING.

License.

Conditioned upon compliance with the terms and conditions of the Agreement, Cisco grants to Customer a nonexclusive and nontransferable license to use for Customer's internal business purposes the Software and the Documentation for which Customer has paid the required license fees to an Approved Source. “Documentation” means written information (whether contained in user or
technical manuals, training materials, specifications or otherwise) pertaining to the Software and made available by an Approved Source with the Software in any manner (including on CD-Rom, or on-line). In order to use the Software, Customer may be required to input a registration number or product authorization key and register Customer's copy of the Software online at Cisco's website to obtain the necessary license key or license file. Customer's license to use the Software shall be limited to, and Customer shall not use the Software in excess of, a single hardware chassis or card or such other limitations as are set forth in the applicable Supplemental License Agreement or in the applicable purchase order which has been accepted by an Approved Source and for which Customer has paid to an Approved Source the required license fee (the “Purchase Order”). Unless otherwise expressly provided in the Documentation or any applicable Supplemental License Agreement, Customer shall use the Software solely as embedded in, for execution on, or (where the applicable Documentation permits installation on non-Cisco equipment) for communication with Cisco equipment owned or leased by Customer and used for Customer's internal business purposes. No other licenses are granted by implication, estoppel or otherwise.

For evaluation or beta copies for which Cisco does not charge a license fee, the above requirement to pay license fees does not apply.

General Limitations.

This is a license, not a transfer of title, to the Software and Documentation, and Cisco retains ownership of all copies of the Software and Documentation. Customer acknowledges that the Software and Documentation contain trade secrets of Cisco or its suppliers or licensors, including but not limited to the specific internal design and structure of individual programs and associated interface information. Except as otherwise expressly provided under the Agreement, Customer shall only use the Software in connection with the use of Cisco equipment purchased by the Customer from an Approved Source and Customer shall have no right, and Customer specifically agrees not to:

(i) transfer, assign or sublicense its license rights to any other person or entity (other than in compliance with any Cisco relicensing/transfer policy then in force), or use the Software on Cisco equipment not purchased by the Customer from an Approved Source or on secondhand Cisco equipment, and Customer acknowledges that any attempted transfer, assignment, sublicense or use shall be void;

(ii) make error corrections to or otherwise modify or adapt the Software or create derivative works based upon the Software, or permit third parties to do the same;

(iii) reverse engineer or decompile, decrypt, disassemble or otherwise reduce the Software to human-readable form, except to the extent otherwise expressly permitted under applicable law notwithstanding this restriction or except to the extent that Cisco is legally required to permit such specific activity pursuant to any applicable open source license;

(iv) publish any results of benchmark tests run on the Software;

(v) use or permit the Software to be used to perform services for third parties, whether on a service bureau or time sharing basis or otherwise, without the express written authorization of Cisco; or

(vi) disclose, provide, or otherwise make available trade secrets contained within the Software and Documentation in any form to any third party without the prior written consent of Cisco. Customer shall implement reasonable security measures to protect such trade secrets. To the extent required by applicable law, and at Customer's written request, Cisco shall provide Customer with the interface information needed to achieve interoperability between the Software and another independently created program, on payment of Cisco's applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall use such information in compliance with any applicable terms and conditions upon which Cisco makes such information available.

Software, Upgrades and Additional Copies.

NOTWITHSTANDING ANY OTHER PROVISION OF THE AGREEMENT: (1) CUSTOMER HAS NO LICENSE OR RIGHT TO MAKE OR USE ANY ADDITIONAL COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF MAKING OR ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE TO AN APPROVED SOURCE FOR THE UPGRADE OR ADDITIONAL COPIES; (2) USE OF UPGRADES IS LIMITED TO CISCO EQUIPMENT SUPPLIED BY AN APPROVED SOURCE FOR WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR LESSEE OR OTHERWISE HOLDS A VALID LICENSE TO USE THE SOFTWARE WHICH IS BEING UPGRADED; AND (3) THE MAKING AND USE OF ADDITIONAL COPIES IS LIMITED TO NECESSARY BACKUP PURPOSES ONLY.

Proprietary Notices.

Customer agrees to maintain and reproduce all copyright, proprietary, and other notices on all copies, in any form, of the Software in the same form and manner that such copyright and other proprietary notices are included on the Software. Except as expressly authorized in the Agreement, Customer shall not make any copies or duplicates of any Software without the prior written permission of Cisco.

Term and Termination.

The Agreement and the license granted herein shall remain effective until terminated. Customer may terminate the Agreement and the license at any time by destroying all copies of Software and any Documentation. Customer's rights under the Agreement will terminate immediately without notice from Cisco if Customer fails to comply with any provision of the Agreement. Upon termination, Customer shall destroy all copies of Software and Documentation in its possession or control. All confidentiality obligations of Customer, all restrictions and limitations imposed on the Customer under the section titled “General Limitations” and all limitations of liability and disclaimers and restrictions of warranty shall survive termination of this Agreement. In addition, the provisions of the sections titled “U.S. Government End User Purchasers” and “General Terms Applicable to the Limited Warranty Statement and End User License Agreement” shall survive termination of the Agreement.

Customer Records.

Customer grants to Cisco and its independent accountants the right to examine Customer's books, records and accounts during Customer's normal business hours to verify compliance with this Agreement. In the event such audit discloses non-compliance with this Agreement, Customer shall promptly pay to Cisco the appropriate license fees, plus the reasonable cost of conducting the audit.

Export, Re-Export, Transfer and Use Controls.

The Software, Documentation and technology or direct products thereof (hereafter referred to as Software and Technology), supplied by Cisco under the Agreement are subject to export controls under the laws and regulations of the United States (U.S.) and any other applicable countries' laws and regulations. Customer shall comply with such laws and regulations governing export, re-export, transfer and use of Cisco Software and Technology and will obtain all required U.S. and local authorizations, permits, or licenses. Cisco and Customer each agree to provide the other information, support documents, and assistance as may reasonably be required by the other in connection with securing authorizations or licenses. Information regarding compliance with export, re-export, transfer and use may be located at the following URL: http://www.cisco.com/web/about/doing_business/legal/global_export_trade/general_export/contract_compliance.html.

U.S. Government End User Purchasers.

The Software and Documentation qualify as “commercial items,” as that term is defined at Federal Acquisition Regulation (“FAR”) (48 C.F.R.) 2.101, consisting of “commercial computer software” and “commercial computer software documentation” as such terms are used in FAR 12.212. Consistent with FAR 12.212 and DoD FAR Supp. 227.7202-1 through 227.7202-4, and notwithstanding any other FAR or other contractual clause to the contrary in any agreement into which the Agreement may be incorporated, Customer may provide to Government end user or, if the Agreement is direct, Government end user will acquire, the Software and Documentation with only those rights set forth in the Agreement. Use of either the Software or Documentation or both constitutes agreement by the Government that the Software and Documentation are “commercial computer software” and “commercial computer software documentation,” and constitutes acceptance of the rights and restrictions herein.

Identified Components; Additional Terms.

The Software may contain or be delivered with one or more components, which may include third-party components, identified by Cisco in the Documentation, readme.txt file, third-party click-accept or elsewhere (e.g. on www.cisco.com) (the “Identified Component(s)”) as being subject to different license agreement terms, disclaimers of warranties, limited warranties or other terms and conditions (collectively, “Additional Terms”) than those set forth herein. You agree to the applicable Additional Terms for any such Identified Component(s).”

Limited Warranty

Subject to the limitations and conditions set forth herein, Cisco warrants that commencing from the date of shipment to Customer (but in case of resale by an Approved Source other than Cisco, commencing not more than ninety (90) days after original shipment by Cisco), and continuing for a period of the longer of (a) ninety (90) days or (b) the warranty period (if any) expressly set forth as applicable specifically to software in the warranty card accompanying the product of which the Software is a part (the “”) (if any): (a) the media on which the Software is furnished will be free of defects in materials and workmanship under normal use; and (b) the Software substantially conforms to the Documentation. The date of shipment of a Product by Cisco is set forth on the packaging material in which the Product is shipped. Except for the foregoing, the Software is provided “AS IS”. This limited warranty extends only to the Software purchased from an Approved Source by a Customer who is the first registered end user. Customer's sole and exclusive remedy and the entire liability of Cisco and its suppliers under this limited warranty will be (i) replacement of defective media and/or (ii) at Cisco's option, repair, replacement, or refund of the purchase price of the Software, in both cases subject to the condition that any error or defect constituting a breach of this limited warranty is reported to the Approved Source supplying the Software to Customer, within the warranty period. Cisco or the Approved Source supplying the Software to Customer may, at its option, require return of the Software and/or Documentation as a condition to the remedy. In no event does Cisco warrant that the Software is error free or that Customer will be able to operate the Software without problems or interruptions. 
In addition, due to the continual development of new techniques for intruding upon and attacking networks, Cisco does not warrant that the Software or any equipment, system or network on which the Software is used will be free of vulnerability to intrusion or attack.

Restrictions. This warranty does not apply if the Software, Product or any other equipment upon which the Software is authorized to be used (a) has been altered, except by Cisco or its authorized representative, (b) has not been installed, operated, repaired, or maintained in accordance with instructions supplied by Cisco, (c) has been subjected to abnormal physical or electrical stress, abnormal environmental conditions, misuse, negligence, or accident; or (d) is licensed for beta, evaluation, testing or demonstration purposes. The Software warranty also does not apply to (e) any temporary Software modules; (f) any Software not posted on Cisco's Software Center; (g) any Software that Cisco expressly provides on an “AS IS” basis on Cisco's Software Center; (h) any Software for which an Approved Source does not receive a license fee; and (i) Software supplied by any third party which is not an Approved Source.

DISCLAIMER OF WARRANTY

EXCEPT AS SPECIFIED IN THIS WARRANTY SECTION, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS, AND WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTY OR CONDITION OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, SATISFACTORY QUALITY, NON-INTERFERENCE, ACCURACY OF INFORMATIONAL CONTENT, OR ARISING
FROM A COURSE OF DEALING, LAW, USAGE, OR TRADE PRACTICE, ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW AND ARE EXPRESSLY DISCLAIMED BY CISCO, ITS SUPPLIERS AND LICENSORS. TO THE EXTENT THAT ANY OF THE SAME CANNOT BE EXCLUDED, SUCH IMPLIED CONDITION, REPRESENTATION AND/OR WARRANTY IS LIMITED IN DURATION TO THE EXPRESS WARRANTY PERIOD REFERRED TO IN THE “LIMITED WARRANTY” SECTION ABOVE. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATIONS ON HOW LONG AN IMPLIED WARRANTY LASTS, THE ABOVE LIMITATION MAY NOT APPLY IN SUCH STATES. THIS WARRANTY GIVES CUSTOMER SPECIFIC LEGAL RIGHTS, AND CUSTOMER MAY ALSO HAVE OTHER RIGHTS WHICH VARY FROM JURISDICTION TO JURISDICTION. This disclaimer and exclusion shall apply even if the express warranty set forth above fails of its essential purpose.

Disclaimer of Liabilities - Limitation of Liability.

IF YOU ACQUIRED THE SOFTWARE IN THE UNITED STATES, LATIN AMERICA, CANADA, JAPAN OR THE CARIBBEAN, NOTWITHSTANDING ANYTHING ELSE IN THE AGREEMENT TO THE CONTRARY, ALL LIABILITY OF CISCO, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS COLLECTIVELY, TO CUSTOMER, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF WARRANTY OR OTHERWISE, SHALL NOT EXCEED THE PRICE PAID BY CUSTOMER TO ANY APPROVED SOURCE FOR THE SOFTWARE THAT GAVE RISE TO THE CLAIM OR IF THE SOFTWARE IS PART OF ANOTHER PRODUCT, THE PRICE PAID FOR SUCH OTHER PRODUCT. THIS LIMITATION OF LIABILITY FOR SOFTWARE IS CUMULATIVE AND NOT PER INCIDENT (I.E. THE EXISTENCE OF TWO OR MORE CLAIMS WILL NOT ENLARGE THIS LIMIT).

IF YOU ACQUIRED THE SOFTWARE IN EUROPE, THE MIDDLE EAST, AFRICA, ASIA OR OCEANIA, NOTWITHSTANDING ANYTHING ELSE IN THE AGREEMENT TO THE CONTRARY, ALL LIABILITY OF CISCO, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS COLLECTIVELY, TO CUSTOMER, WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), BREACH OF WARRANTY OR OTHERWISE, SHALL NOT EXCEED THE PRICE PAID BY CUSTOMER TO CISCO FOR THE SOFTWARE THAT GAVE RISE TO THE CLAIM OR IF THE SOFTWARE IS PART OF ANOTHER PRODUCT, THE PRICE PAID FOR SUCH OTHER PRODUCT. THIS LIMITATION OF LIABILITY FOR SOFTWARE IS CUMULATIVE AND NOT PER INCIDENT (I.E. THE EXISTENCE OF TWO OR MORE CLAIMS WILL NOT ENLARGE THIS LIMIT). NOTHING IN THE AGREEMENT SHALL LIMIT (I) THE LIABILITY OF CISCO, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS TO CUSTOMER FOR PERSONAL INJURY OR DEATH CAUSED BY THEIR NEGLIGENCE, (II) CISCO'S LIABILITY FOR FRAUDULENT MISREPRESENTATION, OR (III) ANY LIABILITY OF CISCO WHICH CANNOT BE EXCLUDED UNDER APPLICABLE LAW.

Disclaimer of Liabilities - Waiver of Consequential Damages and Other Losses.

IF YOU ACQUIRED THE SOFTWARE IN THE UNITED STATES, LATIN AMERICA, THE CARIBBEAN OR CANADA, REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE OR OTHERWISE, IN NO EVENT WILL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF CAPITAL, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE OR OTHERWISE AND EVEN IF CISCO OR ITS SUPPLIERS OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT APPLY TO YOU.

IF YOU ACQUIRED THE SOFTWARE IN JAPAN, EXCEPT FOR LIABILITY ARISING OUT OF OR IN CONNECTION WITH DEATH OR PERSONAL INJURY, FRAUDULENT MISREPRESENTATION, AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE OR OTHERWISE, IN NO EVENT WILL CISCO, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS BE LIABLE FOR ANY LOST REVENUE, PROFIT, OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF CAPITAL, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE SOFTWARE OR OTHERWISE AND EVEN IF CISCO OR ANY APPROVED SOURCE OR THEIR SUPPLIERS OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IF YOU ACQUIRED THE SOFTWARE IN EUROPE, THE MIDDLE EAST, AFRICA, ASIA OR OCEANIA, IN NO EVENT WILL CISCO, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS, BE LIABLE FOR ANY LOST REVENUE, LOST PROFIT, OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF CAPITAL, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE DAMAGES, HOWSOEVER ARISING, INCLUDING, WITHOUT LIMITATION, IN CONTRACT, TORT (INCLUDING NEGLIGENCE) OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE THE SOFTWARE, EVEN IF, IN EACH CASE, CISCO, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, SUPPLIERS AND LICENSORS, HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. BECAUSE SOME STATES OR JURISDICTIONS DO NOT ALLOW LIMITATION OR EXCLUSION OF CONSEQUENTIAL OR INCIDENTAL DAMAGES, THE ABOVE LIMITATION MAY NOT FULLY APPLY TO YOU. THE FOREGOING EXCLUSION SHALL NOT APPLY TO ANY LIABILITY ARISING OUT OF OR IN CONNECTION WITH: (I) DEATH OR PERSONAL INJURY, (II) FRAUDULENT MISREPRESENTATION, OR (III) CISCO'S LIABILITY IN CONNECTION WITH ANY TERMS THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW.

Customer acknowledges and agrees that Cisco has set its prices and entered into the Agreement in reliance upon the disclaimers of warranty and the limitations of
liability set forth herein, that the same reflect an allocation of risk between the parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the same form an essential basis of the bargain between the parties.

Controlling Law, Jurisdiction.

If you acquired, by reference to the address on the purchase order accepted by the Approved Source, the Software in the United States, Latin America, or the Caribbean, the Agreement and warranties (“Warranties”) are controlled by and construed under the laws of the State of California, United States of America, notwithstanding any conflicts of law provisions; and the state and federal courts of California shall have exclusive jurisdiction over any claim arising under the Agreement or Warranties. If you acquired the Software in Canada, unless expressly prohibited by local law, the Agreement and Warranties are controlled by and construed under the laws of the Province of Ontario, Canada, notwithstanding any conflicts of law provisions; and the courts of the Province of Ontario shall have exclusive jurisdiction over any claim arising under the Agreement or Warranties. If you acquired the Software in Europe, the Middle East, Africa, Asia or Oceania (excluding Australia), unless expressly prohibited by local law, the Agreement and Warranties are controlled by and construed under the laws of England, notwithstanding any conflicts of law provisions; and the English courts shall have exclusive jurisdiction over any claim arising under the Agreement or Warranties. In addition, if the Agreement is controlled by the laws of England, no person who is not a party to the Agreement shall be entitled to enforce or take the benefit of any of its terms under the Contracts (Rights of Third Parties) Act 1999. If you acquired the Software in Japan, unless expressly prohibited by local law, the Agreement and Warranties are controlled by and construed under the laws of Japan, notwithstanding any conflicts of law provisions; and the Tokyo District Court of Japan shall have exclusive jurisdiction over any claim arising under the Agreement or Warranties. 
If you acquired the Software in Australia, unless expressly prohibited by local law, the Agreement and Warranties are controlled by and construed under the laws of the State of New South Wales, Australia, notwithstanding any conflicts of law provisions; and the State and federal courts of New South Wales shall have exclusive jurisdiction over any claim arising under the Agreement or Warranties. If you acquired the Software in any other country, unless expressly prohibited by local law, the Agreement and Warranties are controlled by and construed under the laws of the State of California, United States of America, notwithstanding any conflicts of law provisions; and the state and federal courts of California shall have exclusive jurisdiction over any claim arising under the Agreement or Warranties.

For all countries referred to above, the parties specifically disclaim the application of the UN Convention on Contracts for the International Sale of Goods. Notwithstanding the foregoing, either party may seek interim injunctive relief in any court of appropriate jurisdiction with respect to any alleged breach of such party's intellectual property or proprietary rights. If any portion hereof is found to be void or unenforceable, the remaining provisions of the Agreement and Warranties shall remain in full force and effect. Except as expressly provided
herein, the Agreement constitutes the entire agreement between the parties with respect to the license of the Software and Documentation and supersedes any conflicting or additional terms contained in any Purchase Order or elsewhere, all of which terms are excluded. The Agreement has been written in the English language, and the parties agree that the English version will govern. Product warranty terms and other information applicable to Cisco products are available at the following URL: http://www.cisco.com/go/warranty. [SUPPLEMENTAL LICENSE AGREEMENT FOLLOWS]

Supplemental End User License Agreement

FireAMP Product

IMPORTANT: READ CAREFULLY.

This Supplemental End User License Agreement (“SEULA”) contains additional terms and conditions for the FireAMP Product (the “Software”) licensed under the End User License Agreement (“EULA”) between you and Cisco (collectively, the “Agreement”). Capitalized terms used in this SEULA but not defined will have the meanings assigned to them in the EULA. To the extent that there is a conflict between the terms and conditions of the EULA and this SEULA, the terms and conditions of this SEULA will take precedence.

In addition to the limitations set forth in the EULA on your access and use of the Software, you agree to comply at all times with the terms and conditions provided in this SEULA.

DOWNLOADING, INSTALLING, OR USING THE SOFTWARE CONSTITUTES ACCEPTANCE OF THE AGREEMENT, AND YOU ARE BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT TO THE AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THE AGREEMENT, THEN CISCO IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND (A) YOU MAY NOT DOWNLOAD, INSTALL OR USE THE SOFTWARE, AND (B) YOU MAY RETURN THE SOFTWARE (INCLUDING ANY UNOPENED CD PACKAGE AND ANY WRITTEN MATERIALS) FOR A FULL REFUND, OR, IF THE SOFTWARE AND WRITTEN MATERIALS ARE SUPPLIED AS PART OF ANOTHER PRODUCT, YOU MAY RETURN THE ENTIRE PRODUCT FOR A FULL REFUND. YOUR RIGHT TO RETURN AND REFUND EXPIRES 30 DAYS AFTER PURCHASE FROM CISCO OR AN AUTHORIZED CISCO RESELLER, AND APPLIES ONLY IF YOU ARE THE ORIGINAL END USER PURCHASER.

Definitions

“Endpoint” means any device capable of processing data used in conjunction with any of the Software or Cisco-provided services, including but not limited to personal computers, mobile devices and network computer workstations.

“Non-Personal Information” means technical and related information that is not Personal Information, including, but not limited to the operating system type and version; file metadata and identifiers such as SHA-256 values; network host data; origin and nature of malware; Endpoint GUIDs (globally unique identifiers); Internet Protocol (“IP”) addresses; MAC addresses; logfiles; the types of software or applications installed on a network or an Endpoint; and any aggregate or demographic data such as cookies, web logs, web beacons, and other similar applications.

“Personal Information” means any information that can be used to identify an individual and may include an individual’s name, address, email address, phone number, payment card number, and user name.

Additional License Rights and Restrictions

License.

Conditioned upon compliance with the terms and conditions of the Agreement, Cisco grants to you a nonexclusive, nontransferable and non-sublicenseable license to use for your internal business purposes the Software and Documentation for which you have paid the required license and/or subscription fee. The license shall be a subscription to use the Software for a defined period of time as indicated in a SKU or as otherwise shown in the ordering document. In order to use the Software, you may be required to input a registration number or product authorization key and register your copy of the Software online at Cisco's website to obtain the necessary license key or license file. You will need a connection to the Internet in order to access certain cloud-based components of the Software. You are solely responsible for establishing and maintaining all required Internet connections.

Certain components of the Software will be required to be installed on your Endpoints. You may install such components of the Software only on the number of Endpoints for which you have paid the applicable fee.

If you allow a third party acting on your behalf (i.e. a contractor) to access and use the Software, then you shall remain responsible for compliance with the Agreement by each such third party. If you distribute the Software to such third party or otherwise install any component of the Software on an Endpoint of such third party, then each such distribution or installation shall include a copy of the Agreement.

If Cisco provides you with application IDs, signatures or rules for use with any Software (collectively, the “Rules”), then such Rules, and all modifications and updates thereto, are provided on an “AS IS” basis without warranty of any kind, either expressed or implied, including, without limitation, warranties that the Rules are free of defects, merchantable, fit for a particular purpose, error-free or non-infringing.

The subscription term is subject to the termination provisions under the EULA. You must renew the subscription license and pay the applicable fee before the expiration date for continued authorized use of the Software. You may not use the Software in a manner that exceeds the permitted number of Endpoints, term of subscription or other limitations associated with the applicable license or subscription fee paid or payable by you. If the subscription term expires without renewal, Software features and services may cease operation. Cisco has the right to terminate your use of the Software if your use extends beyond the permitted number of Endpoints or the subscription term has expired and you have not paid the applicable fee to continue use of the Software. In the event of a termination of the Agreement, you must use commercially reasonable efforts to notify all permitted third party users that their rights of access and use of the Software have also ceased.

Consent to Data Collection and Privacy

1. Data Collection and Processing.

Cisco may, as part of your use of the Software and/or the provision of related services by Cisco, collect, retain, and use Non-Personal Information and specific identifiable data about you, your network and your Endpoints (e.g., Endpoint IDs, IP addresses, location, content, etc.). Some of this specific identifiable data may contain Personal Information. Cisco also may transfer data so collected to Cisco's offices and subsidiaries in the United States and other countries where Cisco or its service providers have facilities.

2. Purpose of Data Collection and Processing.

The data Cisco collects from the Software is necessary for the essential use and functionality of the Software (e.g. device tracking, access control, data and traffic analysis, threat detection, malware and conduct-related analysis, etc.), and is also used by Cisco to provide associated services and to improve the operation and functionality of the Software. For these reasons you may not be able to opt out from some of this data collection other than by uninstalling or disabling the Software. You may have the ability, however, to configure your Software to limit some of the data that can be collected, as described in the applicable Software Documentation.

3. Consent to Data Collection and Use.

By using the Software and/or subscribing to related Cisco-provided services and accepting these terms, you agree to the collection, use, transfer, backup, and storage of your Personal Information and other data by Cisco and its service providers. Cisco will not process this information other than in accordance with Cisco's Privacy Statement (identified in section 4 below). You also agree that Cisco and its service providers may, as part of your use of the Software and the provision of related services by Cisco, transfer, copy, backup and store your Personal Information and other data in the United States, Europe, or other countries or jurisdictions outside your own where data protection standards may be different.

4. Privacy Statement.

By entering into this Agreement, you agree that Cisco's Privacy Statement, as it exists at any relevant time, applies to you. The most current Privacy Statement can be found at: http://www.cisco.com/web/siteassets/legal/privacy_full.html

[End of SEULA]

Index

A
About 16
all 35
AMP-CTL Commands 22
AMP-Storage-Container Commands 28
amp-sync commands 35
Apply Configuration 13

B
backup 23
Backups 11

C
Change Password 8
check 23
chef 23
Cloud Proxy 17
Cloud Query Failure Rate 17
Cloud Query Latency 17
Cloud Query Rate 17
Cloud Server 4
config-updates 24
CPU Usage 18
create 29

D
Date and Time 9
destroy 29
Device Summary 5
Disk latency
    sda 17
    sdb 17
Disk Performance 17
Disk Usage 17
    / 17
    /boot 17
disks 30

E
Email 8

F
fetch 36

G
grow 30

H
health 30

I
Install amp-sync 33

K
Key 16

L
License 7
list 31

M
maintenance 24
Maintenance Mode 13
Memory Usage 18
Metrics 16

N
Notifications 7, 18
ntpdate 24

P
package 37
power 25

R
reboot 25
register 25
Registration 13
rescan 31

S
Scheduled Backups 8
service 26
shutdown 27
SSH 9
SSL 9
Storage Containers 11
Support Identity 19
Support Sessions 19
Support Snapshot 19
System 17

U
update 27
Update Device 14
update-check 27
update-check-content 28
update-content 28

V
verify 38