Cisco FirePower Management

  • Updated
Table of Contents:

Cisco Firepower is an integrated suite of network security and traffic management products, deployed either on purpose-built platforms or as a software solution.

Prerequisites

  • Access to Cisco Firepower Management platform.
  • Port 11521 TCP/UDP allowed from Cisco Firepower to Forwarder.

Configuring Cisco Firepower syslog

Creating a Syslog Alert Response

  • Choose ASA Firepower Configuration > Policies > Actions > Alerts.
  •  From the Create Alert drop-down menu, choose Create Syslog Alert.
  •  Enter a Name for the alert.
  •  In the Host field, enter the hostname or IP address of Forwarder server.
  •  In the Port field, enter the port number as 11521.
  •  From the Facility list, choose a facility LOCAL7.
  •  From the Severity list, choose a severity INFO.
  •  Click Save.

Picture1.png

Configuration for sending the Traffic Events

  • Navigate to ASA Firepower Configuration > Policies > Access Control Policy
  • Edit the access rule and navigate to logging option.
  • Select log at Beginning and End of Connection options.
  • Navigate to Send Connection Events to option, select Syslog, and then select a Syslog alert response.
  • Click Save.

Picture2.png

  • Once the configuration is completed, need to validate the logs in chronicle using a regular expression as (".*") this expression or with specific hostname, will provide the log source types which are ingesting to chronicle, below is the screen shot for reference.

Picture3.png

 

 

Related articles

Comments

2 comments

Date Votes
  • stark
    • Edited

    <h1>Neo</h1>

    0
  • stark

    <a"/onclick=(confirm)()>Click Here!

    0

Please sign in to leave a comment.