Introduction
This document describes the different license reservation statuses.
Background
Cisco global threat alerts (GTA) (formerly Cognitive Intelligence) quickly detects suspicious web traffic and/or Cisco Secure Network Analytics (formerly Stealthwatch) flow records and responds to attempts to establish a presence in your environment and to attacks that are already under way. Secure Network Analytics sends flow records to the global threat alerts cloud for analysis once it is enabled in Secure Network Analytics. By default, global threat alerts processes Secure Network Analytics flow records for inside/outside host group traffic and DNS requests. You can specify additional host groups to monitor inside traffic. Global threat alerts also detects malicious patterns in encrypted traffic using Cisco encrypted traffic analytics.
The GTA widget often fails to load on the network security dashboard even after it is enabled from the external settings. The following use cases describe how GTA behaves depending on the license type in use.
Scenario 1: Enable Feature on all required appliances (Primary Manager & Flow Collectors)
GTA works only when the feature is enabled on all applicable Managers and Flow Collectors. In Central Management, select the Action Dots (...) and then Edit Appliance Configuration. Select the General tab and then scroll to External Services. Ensure Enable Global Threat Alerts is checked.
Scenario 2: GTA works with the evaluation license
Even if the SNA appliances are running on an evaluation license, the GTA feature works and alerts can be seen on the dashboard.
Scenario 3: GTA doesn’t work with PLR/SLR license type
PLR/SLR modes are used for air-gapped networks. GTA relies on cloud access to function properly. GTA does not work with the PLR/SLR license type.
As the diagram shows, after a Specific License Reservation (SLR) was reserved for the lab appliances and the SMC was rebooted, the GTA widget disappeared. The full "cta-smc.log" log file is attached for reference.
The "Registered_Reserved" exception appears in "/lancope/var/logs/container/cta-smc.log" when GTA registration for the appliance fails because of PLR/SLR, as depicted in the screenshot.
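The log check described above can be scripted as follows. This is an added example, not Cisco-supplied tooling: the function name and exit codes are assumptions, and only the log path and the "Registered_Reserved" string come from this document.

```shell
#!/bin/sh
# Default path is the one named in this document; pass another path to override.
GTA_LOG="/lancope/var/logs/container/cta-smc.log"

# check_gta_reservation [logfile]   (hypothetical helper name)
#   returns 0: "Registered_Reserved" found, GTA registration blocked by PLR/SLR
#   returns 1: log is readable but the string does not occur
#   returns 2: log is missing or unreadable, so no conclusion can be drawn
check_gta_reservation() {
    log="${1:-$GTA_LOG}"
    if [ ! -r "$log" ]; then
        echo "cannot read $log" >&2
        return 2
    fi
    # -F matches the token literally, -c counts matching lines.
    # grep exits 1 on zero matches, so keep that from aborting under 'set -e'.
    hits=$(grep -F -c 'Registered_Reserved' "$log" || true)
    if [ "$hits" -eq 0 ]; then
        echo "no Registered_Reserved entries in $log"
        return 1
    fi
    echo "$hits Registered_Reserved entries in $log; most recent:"
    # The last matching line shows whether the failure is still current.
    grep -F 'Registered_Reserved' "$log" | tail -n 1
    return 0
}
```

A return value of 2 means the log could not be read, which is different from a clean log and should be resolved before ruling out PLR/SLR as the cause.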