Cisco AMP/TG/Umbrella/CTR Intelligence Search

by schuang.dev for


AMP Threat Grid – A Threat-Intelligence Tool

AMP Threat Grid is a threat-intelligence search and alerting tool that searches Cisco AMP for known threats in the selected data. This extension lets the user search directly on selected text. When the user selects a specific URL, the tool sends the selected text to Cisco AMP and returns a threat notification along with the associated URL.

To make a link clickable on the webpage, the user can drag it and drop it on the desired target location, or right-click the link and click “copy link location”.

The user can search from the context menu for supported URL formats, such as web URL, IP, Domain, FQDN, and file path. When a specific file path is entered, the tool queries Cisco AMP for any known threat intelligence associated with the file.

The user can search using FQDN for specific domains, IP for specific IP addresses, and file path for a specific file path. The tool does not search OpenDNS because the hashes are not indexed there.

When a user searches using the extension, the tool displays the result in a popup. The user can choose to add the URL to the browser; if the user does so, the URL is added to the history.