Cisco Firepower Threat Defense
Version: Cisco Firepower Threat Defense (FTD) | Release 6.3 and later
Note – “File Malware and File events” are available from Cisco Firepower release 6.4 and above
Cisco Firepower Threat Defense is an integrative software image combining CISCO ASA and Firepower feature into one hardware and software inclusive system.
The Cisco Firepower NGIPS is a next generation intrusion prevention system. It shares a management console with the Cisco firewall offerings, called the Firepower Management Center.
Netsurion Open XDR, when integrated with Cisco Firepower NGIPS, collects log from Cisco FTD and creates a detailed reports, alerts, dashboards and saved searches. These features of Netsurion Open XDR helps users to view the critical and important information on a single platform.
Reports will contain details of activities like, IDS events. (which outlines the targeted host and source of attack. Reports also consists of events of activities such as SSLVPN/ VPN/ WebVPN access, user command execution, and system activities.
IPS events include Blocked connections, File and Malware detection summary, Allowed URL’s summary, and many more. It includes information such as, date, time, the type of exploit, and contextual information about the source of the attack and its target.
Alerts are provided as soon as any critical event is triggered by Cisco FTD. With alerts users will be able to get real time occurrences of events such as, possible attack that is will be carried out, SSLVPN/ VPN/ WebVPN login success, failures and logout events.
For IPS event, connection blocked due to malicious entity is discovered by NGIPS engine, alerts are directly sent to their email services.
Visual/graphical representation consists of events such as blocked/ allowed connections, security event summary count, and geo-location information which can be viewed on Netsurion Open XDR ‘dashboard’.
Dashboard also displays events related to IDS such as the time of possible attacks from unknown or suspicious sources, information about suspicious URLs, Files, SSL Flow Status, threat name, SHA Disposition, source IP address, and Protocol/service used for establishing connection with FTD etc.
Once Cisco FTD is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards, and reports can be configured into Netsurion Open XDR.
To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.