Cisco Secure Firewall Threat Defense and Cisco SecureX Threat Response Integration Guide

Important Information About Integrating Secure Firewall Threat Defense and Cisco SecureX Threat Response
· About Cisco SecureX Threat Response and This Integration, on page 1
· Cisco SecureX Threat Response Regional Clouds, on page 2
· Supported Event Types, on page 2
· Comparison of Methods for Sending Events to the Cloud, on page 3
· Best Practices, on page 4

About Cisco SecureX Threat Response and This Integration
Cisco SecureX threat response (formerly Cisco Threat Response or CTR) is the platform in the Cisco cloud that helps you detect, investigate, analyze, and respond to threats using data aggregated from multiple products and sources. This integration sends supported events from devices to Cisco SecureX threat response for analysis alongside data from your other products and other sources. For more information about Cisco SecureX threat response, see Cisco SecureX Threat Response product page. For videos about the use and benefits of the application on YouTube, see http://cs.co/CTRvideos. If you do not already have a Cisco SecureX threat response account, you can create one using Cisco Defense Orchestrator (CDO). To create a Cisco SecureX threat response account from CDO, follow the instructions here. For more information about this integration, see the FAQs at http://cs.co/ctr_firepower_faq and the online help in Cisco SecureX threat response, including the release notes.

Cisco SecureX Threat Response Regional Clouds

Region: North America
Link to Cloud: https://visibility.amp.cisco.com
Supported Integration Methods:
· Direct integration: Release 6.4 and later
· Integration via syslog: Release 6.3 and later

Region: Europe
Link to Cloud: https://visibility.eu.amp.cisco.com
Supported Integration Methods:
· Direct integration: Release 6.5 and later
· Integration via syslog: Release 6.3 and later

Region: Asia (APJC)
Link to Cloud: https://visibility.apjc.amp.cisco.com
Supported Integration Methods:
· Direct integration: Release 6.5 and later
· Integration via syslog: Release 6.3 and later

Guidelines and Limitations for Choosing a Regional Cloud
Before choosing a regional cloud, consider these important points:
· Selecting a regional cloud depends on your version and integration method (syslog or direct). See Cisco SecureX Threat Response Regional Clouds, on page 2 for specifics.
· When possible, use the regional cloud nearest to your deployment.
· You cannot merge or aggregate data in different regional clouds.
· If you need to aggregate data from multiple regions, devices in all regions must send data to the same regional cloud.
· You can create an account on each regional cloud and the data on each cloud remains separate.
· The region you select in your product is also used for the Cisco Support Diagnostics and Cisco Support Network features, if applicable and enabled. For more information about these features, see the online help for your product.

Supported Event Types
The threat defense and Cisco SecureX threat response integration supports the following event types:

Table 1: Version Support for Sending Events to the Cisco Cloud

Feature | Devices Managed by Secure Firewall Management Center Version (Direct integrations) | Devices Managed by Secure Firewall Device Manager Version (Direct integrations) | Syslog
--- | --- | --- | ---
Intrusion (IPS) events | 6.3 and later (via syslog); 6.4 and later (via direct connection) | 6.3 and later (via syslog); 6.4 and later (via direct connection) | Supported
Security Intelligence connection events | 6.5 and later | 6.5 and later | Not supported
File and malware events | 6.5 and later | 6.5 and later | Not supported

Comparison of Methods for Sending Events to the Cloud

Devices make events available to Cisco SecureX threat response through the Security Services Exchange portal, either using syslog or directly. The points below compare the two methods, Sending Events Directly (Direct) and Sending Events Using Syslog Through a Proxy Server (Syslog):

· Direct: Supports only threat defense (NGFW) devices running supported versions of software.
  Syslog: Supports all devices running supported versions of software.

· Direct: Supports version 6.4 and later.
  Syslog: Supports version 6.3 and later.

· Direct: Supports all event types listed in Supported Event Types, on page 2.
  Syslog: Supports only intrusion events.

· Direct: Supports SecureX tiles that show system status information such as whether your appliances and devices are running the optimal software versions.
  Syslog: System status features are not supported with syslog-based integrations.

· Direct: Threat defense devices must be connected to the internet.
  Syslog: Devices do not need to be connected to the internet.

· Direct: Your deployment cannot be using a Smart Software Manager on-premises server (formerly known as a Smart Software Satellite Server).
  Syslog: Your deployment can be using a Smart Software Manager on-premises server.

· Direct: No need to set up and maintain an on-premises proxy server.
  Syslog: Requires an on-premises virtual Cisco Security Services Proxy (CSSP) server. More information about this proxy server is available from the online help in Security Services Exchange (SSE). To access SSE, see Access Security Services Exchange.

Best Practices
Follow guidelines and setup instructions in the following topics precisely, including Requirements topics and Before You Begin sections in referenced procedure topics:
· For all integrations: See Guidelines and Limitations for Choosing a Regional Cloud, on page 2.
· For direct integration: See How to Send Events Directly to the Cisco Cloud.
· For integration using syslog: See How to Send Events to the Cisco Cloud Using Syslog.
