|
Cisco Secure Firewall Threat Defense
|
- Security Cloud Control-managed standalone Firewall Threat Defense devices, Version 7.2 and later.
- To send events using syslog, you must have a Firewall Threat Defense device, Version 6.4 or later.
- To send events directly, you must have a Firewall Threat Defense device, Version 7.2 or later.
- To optionally exclude individual Firewall Threat Defense devices from sending events directly, you must have a Firewall Threat Defense device, Version 7.4.1 or later.
- Your firewall system must be deployed and successfully generating events.
|
|
Regional cloud
|
- Determine the regional cloud that you want to send events to.
- Events cannot be viewed from or moved between different regional clouds.
- If you use a direct connection to send events to the Cisco Security Cloud for integration with Cisco SecureX, or Cisco SecureX threat response, or Cisco XDR, you must use the same cloud region for this integration.
- If you send events directly, the regional cloud you specify in Security Cloud Control must match the region of your Security Cloud Control tenant.
|
|
Security Analytics and Logging subscription plan
|
- You must have a valid Security Analytics and Logging subscription plan. For more information about the subscription plans, see Security Analytics and Logging Licenses.
- If you do not have a Security Analytics and Logging subscription plan, you can request a 90-day trial by logging in to Security Cloud Control and navigating to tab. You can purchase the desired subscription plan by following the instructions in the Security Cloud Control Firewall Management Ordering Guide.
- You must buy a data plan that reflects the number of events the Cisco cloud receives from your threat defense devices daily. This is called your daily ingest rate.
- Use the Logging Volume Estimator Tool to estimate your data storage requirements.
|
|
Accounts
|
When you purchase a license for this integration, you are provided with a Security Cloud Control tenant account to support the integration.
|
|
Connectivity
|
The Firewall Threat Defense devices must be able to connect outbound on port 443 to the Cisco Security Cloud at the following addresses:
- US region:
  - api-sse.cisco.com
  - mx*.sse.itd.cisco.com
  - dex.sse.itd.cisco.com
  - eventing-ingest.sse.itd.cisco.com
  - registration.us.sse.itd.cisco.com
  - us.manage.security.cisco.com
  - edge.us.cdo.cisco.com
- EU region:
  - api.eu.sse.itd.cisco.com
  - mx*.eu.sse.itd.cisco.com
  - dex.eu.sse.itd.cisco.com
  - eventing-ingest.eu.sse.itd.cisco.com
  - registration.eu.sse.itd.cisco.com
  - eu.manage.security.cisco.com
  - edge.eu.cdo.cisco.com
- Asia (APJ) region:
  - api.apj.sse.itd.cisco.com
  - mx*.apj.sse.itd.cisco.com
  - dex.apj.sse.itd.cisco.com
  - eventing-ingest.apj.sse.itd.cisco.com
  - registration.apj.sse.itd.cisco.com
  - apj.cdo.cisco.com
  - edge.apj.cdo.cisco.com
- Australia region:
  - api.aus.sse.itd.cisco.com
  - mx*.aus.sse.itd.cisco.com
  - dex.au.sse.itd.cisco.com
  - eventing-ingest.aus.sse.itd.cisco.com
  - registration.au.sse.itd.cisco.com
  - aus.cdo.cisco.com
- India region:
|
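The following is an added example, not part of Cisco's documentation: a Python check that scans egress-firewall deny logs for blocked port 443 connections to a region's required endpoints from the Connectivity list. The key=value log format, the sample lines and host names such as `mx01` are constructed assumptions, only the US and EU lists are included, and `*` is assumed to stand for part of a single DNS label.

```python
import re

# Required endpoints per region, copied from the Connectivity list (US and EU only).
REQUIRED = {
    "US": ["api-sse.cisco.com", "mx*.sse.itd.cisco.com", "dex.sse.itd.cisco.com",
           "eventing-ingest.sse.itd.cisco.com", "registration.us.sse.itd.cisco.com",
           "us.manage.security.cisco.com", "edge.us.cdo.cisco.com"],
    "EU": ["api.eu.sse.itd.cisco.com", "mx*.eu.sse.itd.cisco.com",
           "dex.eu.sse.itd.cisco.com", "eventing-ingest.eu.sse.itd.cisco.com",
           "registration.eu.sse.itd.cisco.com", "eu.manage.security.cisco.com",
           "edge.eu.cdo.cisco.com"],
}
PORT = "443"
FIELD = re.compile(r"(\w+)=(\S+)")  # constructed key=value log format (assumption)

def to_regex(pattern):
    # Assumption: '*' covers part of ONE DNS label, so the US entry
    # mx*.sse.itd.cisco.com does not also match mx01.eu.sse.itd.cisco.com.
    body = re.escape(pattern).replace(r"\*", "[^.]*")
    return re.compile(body, re.IGNORECASE)

def denied_required(region, log_lines):
    """Count denied port-443 connections per required endpoint of `region`."""
    rules = [(p, to_regex(p)) for p in REQUIRED[region]]
    hits = {}
    for line in log_lines:
        f = dict(FIELD.findall(line))
        if f.get("action") != "deny" or f.get("dport") != PORT:
            continue
        host = f.get("dst_host", "").rstrip(".")  # tolerate a trailing root dot
        for pattern, rx in rules:
            if rx.fullmatch(host):
                hits[pattern] = hits.get(pattern, 0) + 1
    return hits

# Constructed sample log lines; host names such as mx01 are made up.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z action=deny src=10.0.0.5 dst_host=mx01.sse.itd.cisco.com dport=443",
    "2024-05-01T10:00:02Z action=deny src=10.0.0.5 dst_host=mx01.eu.sse.itd.cisco.com dport=443",
    "2024-05-01T10:00:03Z action=allow src=10.0.0.5 dst_host=api-sse.cisco.com dport=443",
    "2024-05-01T10:00:04Z action=deny src=10.0.0.5 dst_host=eventing-ingest.sse.itd.cisco.com dport=443",
    "2024-05-01T10:00:05Z action=deny src=10.0.0.6 dst_host=eventing-ingest.sse.itd.cisco.com dport=443",
    "2024-05-01T10:00:06Z action=deny src=10.0.0.5 dst_host=dex.sse.itd.cisco.com dport=8443",
    "2024-05-01T10:00:07Z action=deny src=10.0.0.5 dst_host=example.org dport=443",
]

if __name__ == "__main__":
    for region in REQUIRED:
        print(region, denied_required(region, SAMPLE_LOG))
```

Any endpoint this reports as denied points to an egress rule that needs an outbound port 443 allow entry for the selected region.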