Wider attack surface coverage powered by hundreds of integrations and deeper threat visibility powered by thousands of detections.
Version: Cisco Firepower Threat Defense (FTD) | Release 6.3 and later
Note – “File Malware and File events” are available from Cisco Firepower release 6.4 and above
The Cisco Firepower NGIPS is a next-generation intrusion prevention system. It shares a management console, called the Firepower Management Center, with the Cisco firewall offerings.
Netsurion, when integrated with Cisco Firepower NGIPS, collects logs from Cisco FTD and creates detailed reports, alerts, dashboards, and saved searches. These Netsurion features help users view critical and important information on a single platform.
Reports contain details of activities such as IDS events, which outline the targeted host and the source of the attack. Reports also cover activities such as SSLVPN/VPN/WebVPN access, user command execution, and system activities.
IPS events include blocked connections, a file and malware detection summary, an allowed URLs summary, and many more. They include information such as the date, the time, the type of exploit, and contextual information about the source of the attack and its target.
Alerts are provided as soon as Cisco FTD triggers any critical event. With alerts, users are notified in real time of events such as a possible attack that will be carried out, and SSLVPN/VPN/WebVPN login successes, failures, and logout events.
For IPS events, where a connection is blocked because the NGIPS engine has discovered a malicious entity, alerts are sent directly to the users' email services.
The visual/graphical representation covers events such as blocked/allowed connections, the security event summary count, and geo-location information, all of which can be viewed on the Netsurion dashboard.
The dashboard also displays IDS-related events, such as the time of possible attacks from unknown or suspicious sources, information about suspicious URLs, files, SSL flow status, threat name, SHA disposition, source IP address, and the protocol/service used to establish the connection with FTD.
Once Cisco FTD is configured to deliver events to Netsurion Manager, alerts, dashboards, and reports can be configured in Netsurion.
The configuration details are consistent with Netsurion version 9.x and later, and Cisco FTD release 6.3 and above.
Download the Integration Guide and How-to Guide for more information and configuration instructions.