Support Mode

The Support Mode in Cisco Secure Malware Analytics (Threat Grid) appliances is a feature that allows authorized Cisco support staff to remotely access and inspect your appliance directly to diagnose and troubleshoot issues. This can be helpful for troubleshooting complex issues that cannot be resolved solely through traditional methods like log analysis or support snapshots.


Note

You can also perfom the same operation in Admin UI. For more information, see Live Support Session.

Enable live Support Session

Procedure

Step 1

Initiation: You, the appliance owner, initiate a Live Support Session with Cisco support. This can be done through the appliance's web interface or command line.

Figure 1. Support Mode

Step 2

Enabling Support Mode: During the session, the support representative might request to enable Support Mode (Toggle the START option). Select Start to enable the Live session. You must see it showing the Status change from inactive to active.

Figure 2. Select Start to enable live session

Step 3

Remote Access: Once enabled, Cisco support staff can remotely log in to the "rash" component using secure protocols. This grants them temporary access to inspect various aspects of the appliance, including:

  • System logs and configuration files

  • Running processes and resource usage

  • Internal network connections and traffic

  • Malware analysis details and results

Step 4

Troubleshooting and Resolution: By directly examining the appliance, support staff can gain deeper insights into the issue and perform actions like:

  • Restarting services

  • Modifying configurations

  • Collecting specific diagnostic data

  • Identifying and resolving the root cause of the problem

Step 5

Session Termination: Once the issue is resolved or troubleshooting is complete, you can end the Live Support Session, which automatically disables Support Mode.

Figure 3. Select Stop to disable live session
You will see the Status toggle from active to inactive.