ManualsPro Cisco CISCO Secure Firewall Threat Defense User Guide

CISCO Secure Firewall Threat Defense User Guide

June 14, 2024
Cisco

CISCO Secure Firewall Threat Defense

CISCO Secure Firewall Threat Defense-product

Specifications

  • Supported Integration Methods: Sending Events Directly, Sending Events Using Syslog Through a Proxy Server
  • Supported Event Types: Threat defense (NGFW) devices, Intrusion events, Security Intelligence connection events

Supported Regions

Important Information About Integrating Secure Firewall Threat Defense and Cisco SecureX Threat Response

  • About Cisco SecureX Threat Response and This Integration, on page 1
  • Cisco SecureX Threat Response Regional Clouds, on page 2
  • Supported Event Types, on page 2
  • Comparison of Methods for Sending Events to the Cloud, on page 3
  • Best Practices, on page 4

About Cisco SecureX Threat Response and This Integration

  • Cisco SecureX threat response (formerly Cisco Threat Response or CTR) is the platform in the Cisco cloud that helps you detect, investigate, analyze, and respond to threats using data aggregated from multiple products and sources.
  • This integration sends supported events from devices to Cisco SecureX threat response for analysis alongside data from your other products and other sources.
  • For more information about Cisco SecureX threat response, see Cisco SecureX Threat Response product page. For videos about the use and benefits of the application on YouTube, see http://cs.co/CTRvideos.
  • If you do not already have a Cisco SecureX threat response account, you can create one using Cisco Defense Orchestrator (CDO). To create a Cisco SecureX threat response account from CDO, follow the instructions here.
  • For more information about this integration, see the  at http://cs.co/ctr_firepower_faq and the online help in Cisco SecureX threat response, including the release notes.

Cisco SecureX Threat Response Regional Clouds

Region Link to Cloud Supported Integration Methods
North America
https://visibility.amp.cisco.com
  • Direct integration: Release 6.4 and later
  • Integration via syslog: Release 6.3 and later

Europe| https://visibility.eu.amp.cisco.com|

  • Direct integration: Release 6.5 and later
  • Integration via syslog: Release 6.3 and later

Asia (APJC)| https://visibility.apjc.amp.cisco.com|

  • Direct integration: Release 6.5 and later
  • Integration via syslog: Release 6.3 and later

Guidelines and Limitations for Choosing a Regional Cloud

Before choosing a regional cloud, consider these important points:

  • Selecting regional cloud depends on your version and integration method (syslog or direct).
    See Cisco SecureX Threat Response Regional Clouds, on page 2 for specifics.

  • When possible, use the regional cloud nearest to your deployment.

  • You cannot merge or aggregate data in different regional clouds.

  • If you need to aggregate data from multiple regions, devices in all regions must send data to the same regional cloud.

  • You can create an account on each regional cloud and the data on each cloud remains separate.

  • The region you select in your product is also used for the Cisco Support Diagnostics and Cisco Support Network features, if applicable and enabled. For more information about these features, see the online help for your product.

Supported Event Types

The threat defense and Cisco SecureX threat response integration supports the following event types:

Table 1: Version Support for Sending Events to the Cisco Cloud

Feature| Devices Managed by Secure Firewall Management Center Version

(Direct integrations)

| Devices Managed by Secure Firewall Device Manager Version

(Direct integrations)

| Syslog
---|---|---|---
Intrusion (IPS) events| 6.3  and later (via syslog)

6.4  and later (via direct connection)

| 6.3  and later (via syslog)

6.4  and later (via direct connection)

| Supported
Security

Intelligence connection events

| 6.5 and later| 6.5 and later| Not supported
File and malware events| 6.5 and later| 6.5 and later| Not supported

Comparison of Methods for Sending Events to the Cloud

Devices make events available to Cisco SecureX threat response through the Security Services Exchange portal, either using syslog or directly.

Sending Events Directly| Sending Events Using Syslog Through a Proxy Server
---|---
Supports only threat defense (NGFW) devices running supported versions of software.| Supports all devices running supported versions of software.
Supports version 6.4 and later.| Supports version 6.3 and later.
Supports all event types listed in Supported Event Types, on page 2.| Supports only intrusion events.
Supports SecureX tiles that show system status information such as whether your appliances and devices are running the optimal software versions.| System status features are not supported with syslog-based integrations.
Threat defense devices must be connected to the internet.| Devices do not need to be connected to the internet.
Your deployment cannot be using a Smart Software Manager on-premises server (formerly known as a Smart Software Satellite Server).| Your deployment can be using a Smart Software Manager on-premises server.
Sending Events Directly| Sending Events Using Syslog Through a Proxy Server
---|---
No need to set up and maintain an on-premises proxy server.|

  • Requires an on-premises virtual Cisco Security Services Proxy (CSSP) server.
  • More information about this proxy server is available from the online help in Security Services Exchange (SSE).
  • To access SSE, see Access Security Services Exchange.

Best Practices

Follow guidelines and setup instructions in the following topics precisely, including Requirements topics and Before You Begin sections in referenced procedure topics:

  • For all integrations
    See Guidelines and Limitations for Choosing a Regional Cloud, on page 2.

  • For direct integration
    See How to Send Events Directly to the Cisco Cloud.

  • For integration using syslog
    See How to Send Events to the Cisco Cloud Using Syslog.

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Cisco User Manuals

cisco Configuring Console Access Instructions
Cisco
cisco HyperFlex HX-Series Data Platform for HCI Instructions
Cisco
CISCO Meraki Cloud Monitoring for Catalyst User Guide
Cisco
CISCO Cloud-Delivered Catalyst SD-WAN Platform User Guide
Cisco
CISCO 60079011 Wi Fi 6 E Access Point User Manual
Cisco
CISCO IP Phone o Through the Normal Startup Process User Guide
Cisco
CISCO Install Enterprise NFVIS Using USB User Guide
Cisco
CISCO NCS 1014 Network Convergence System 1014 Instruction Manual
Cisco
CISCO Set Up Webex User Guide
Cisco
CISCO Webex App User Guide
Cisco
CISCO DNA Center Configure Telemetry User Guide
Cisco
802.11 Parameters for Cisco Access Points User Guide
Cisco
CISCO Nexus 3000 Series NX-OS Verified Scalability Guide Release 9.3 Instruction Manual Product Information
Cisco
CISCO P-LTE-450 Cellular Pluggable Interface Module Configuration User Guide
Cisco
CISCO Nexus 3600 Series NX-OS Verified Scalability Guide Release 9.3 User Guide
Cisco
CISCO Nexus 3000 SeriesNX-OS Verified Scalability Guide Release 9.3 User Guide
Cisco
CISCO Nexus 3000 Series NX-OS Verified Scalability Guide User Guide
Cisco
CISCO Nexus 9804 NX-OS Mode Switch Hardware Installation Guide
Cisco
CISCO Nexus 3548 Series NX-OS Verified Scalability Instructions
Cisco
CISCO 9.0SU Emergency Responder User Guide
Cisco

Related Manuals

ROUGH COUNTRY 921406000 2021 F 150 4 Inch 6 Inch 2wd Lift Kit Instructions
Rough Country
SENA NTT-N2R-01 N2R Yaching Headsets Instruction Manual
Sena
CODELOCKS CL500 Front Plates Used with Rim Panic Device Instruction Manual
CODELOCKS
AQUADISTRI B07BQDGMC2 Repto Digital Thermo Hygro Instruction Manual
AQUADISTRI
PARKSIDE IAN 446670_2307 Coiled Garden Hose Set Instruction Manual
PARKSIDE
ELSEMA WK433 Wired Keypad User Manual
ELSEMA
IsoTek 191VGAQRSS V5 Aquarius Power Line Conditioner and Surge Protector Instruction Manual
IsoTek
DORR B-3W Elevating System Instruction Manual
DORR
New For HUAWEI Smart Watch Men Waterproof Sport Fitness Tracker Multifunction Bluetooth-Complete Features/User Guide
EOENKK
gembird KBS-W-01 Wireless Desktop Set User Manual
GEMBIRD
Embr Labs Embr Wave 2 Immediate Menopause Hot Flash Relief Instructions
Embr Labs
Anko 43437771 Thermal Bluetooth Printer User Manual
Anko
GE current HORT170 Arize Life2 LED Lighting System Installation Guide
GE current
CHAMPION 200992 4650W Portable Inverter Generator User Guide
Champion
QUADRA-FIRE QV36DB-A 36-Inch Gas Fireplace Owner’s Manual
QUADRA-FIRE
CYC Motor BBS02_750w Mid Drive Fitment Installation Guide
CYC Motor
Outwell 111197 Hayward Lake 6ATC Tent Instruction Manual
Outwell
JVC HA-A18T Wireless Headphones User Guide
JVC
audio pro A48 Active Multiroom Speaker User Manual
audio pro
Schindler RS232 iSPECI BLE Adapter User Manual
Schindler
DOMETIC RCD10.5ES Compressor Refrigerator Instruction Manual Product Information
Dometic
Saviland 36W Rechargeable Nail Led Lamp User Manual
Saviland
PARASOUND 313ZAMPV3 Zamp Zone Amplifier User Guide
Parasound
InfiRay G600 Uncooled Handheld Thermal Camera User Manual
InfiRay
INSIGNIA NS-SB212 Soundbar Home Theater Speaker User Guide
Insignia
Roller Maz RC Dinoz / RC T-Rax Toy User Manual
Roller Maz
LG LSGL5833 30 Inch Slide-in Gas Range User Manual
LG
Simple Designs LT2066 Table Lamp User Manual
Simple Designs
NEXIGO NG17QH 4K Portable Monitor User Manual
NEXIGO
pylo 200-LTE Cellular Scale User Manual
PYLO
Contact Us   Privacy Policy   3.733ms