Applies To: Cisco Firepower Threat Defense (FTD) | Release 6.3 and later
Note: "File Malware" and "File" events are available from Cisco Firepower release 6.4 and later.
The Cisco Firepower NGIPS is a next generation intrusion prevention system. It shares a management console with the Cisco firewall offerings, called the Firepower Management Center.
When integrated with Cisco Firepower NGIPS, EventTracker collects logs from Cisco FTD and produces detailed reports, alerts, dashboards, and saved searches, so that critical security information from the FTD can be reviewed on a single platform.
Reports cover activities such as IDS events, which identify the targeted host and the source of the attack. Reports also cover SSLVPN/VPN/WebVPN access, user command execution, and system activities.
IPS event reports include blocked connections, a file and malware detection summary, an allowed URLs summary, and more. Each entry records the date, time, and type of exploit, together with contextual information about the source of the attack and its target.
Alerts are raised as soon as Cisco FTD reports a critical event. Alerts give users real-time notification of events such as a possible attack in progress, and SSLVPN/VPN/WebVPN login successes, failures, and logouts.
For IPS events, when the NGIPS engine blocks a connection because it detected a malicious entity, the alert is sent directly to the configured email recipients.
Dashboards give a visual/graphical view of events such as blocked and allowed connections, security event summary counts, and geo-location information.
Dashboards also display IDS-related details such as the time of possible attacks from unknown or suspicious sources, suspicious URLs and files, SSL flow status, threat name, SHA disposition, source IP address, and the protocol/service used for the connection through the FTD.
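The IPS event fields listed above (blocked/allowed action, SHA disposition, threat name, source IP, protocol) are what an alert or dashboard consumer has to pull out of each FTD syslog line. The following Python is an added illustration, not EventTracker's or Cisco's code: it parses constructed FTD-style syslog lines, classifies the ones worth alerting on (intrusion events, blocked connections, malware-disposition file events) and builds dashboard-style counters. The message IDs 430001, 430003 and 430005 are documented FTD syslog IDs and the "Key: value, Key: value" layout is how FTD 6.x formats them, but the individual field names and the sample values are assumptions to check against your own feed.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample syslog lines, not captured from a real device (example code).
# Field names are assumptions; verify them against the events your FTD emits.
FAKE_SHA = "a" * 64
SAMPLE_LINES = [
    "<165>Jun 10 12:00:01 ftd-01 %FTD-1-430001: EventPriority: High, DeviceUUID: c0ffee, "
    "InstanceID: 1, ConnectionID: 1001, SrcIP: 203.0.113.7, DstIP: 10.0.0.12, "
    "SrcPort: 51515, DstPort: 445, Protocol: tcp, Priority: 1, GID: 1, SID: 1000001, "
    "Message: LOCAL constructed sample rule, with a comma in the message, "
    "Classification: Attempted Administrator Privilege Gain, IntrusionPolicy: Balanced",
    "<165>Jun 10 12:00:02 ftd-01 %FTD-6-430003: EventPriority: Low, DeviceUUID: c0ffee, "
    "InstanceID: 1, ConnectionID: 1002, AccessControlRuleAction: Block, "
    "AccessControlRuleName: Deny-Tor, SrcIP: 198.51.100.9, DstIP: 10.0.0.12, "
    "SrcPort: 40000, DstPort: 443, Protocol: tcp, ApplicationProtocol: HTTPS",
    "<165>Jun 10 12:00:03 ftd-01 %FTD-6-430003: EventPriority: Low, DeviceUUID: c0ffee, "
    "InstanceID: 1, ConnectionID: 1003, AccessControlRuleAction: Allow, "
    "AccessControlRuleName: Allow-Web, SrcIP: 10.0.0.25, DstIP: 192.0.2.80, "
    "SrcPort: 50001, DstPort: 80, Protocol: tcp, URL: http://example.com/",
    "<165>Jun 10 12:00:04 ftd-01 %FTD-1-430005: EventPriority: High, DeviceUUID: c0ffee, "
    "InstanceID: 1, ConnectionID: 1004, SrcIP: 192.0.2.80, DstIP: 10.0.0.25, "
    "SrcPort: 80, DstPort: 50001, Protocol: tcp, FileName: invoice.exe, "
    "FileSHA256: " + FAKE_SHA + ", SHA_Disposition: Malware, "
    "ThreatName: W32.Constructed.Sample, FileAction: Malware Block",
    "<165>Jun 10 12:00:05 ftd-01 not an FTD event at all",
]

# %FTD-<severity>-<message id>: <body>
HEADER_RE = re.compile(r"%FTD-(?P<sev>\d)-(?P<msg_id>\d{6}):\s*(?P<body>.*)$")
# Split only on a comma that is followed by another "Key: " token, so a value
# that itself contains commas (e.g. the intrusion Message text) stays intact.
FIELD_SPLIT_RE = re.compile(r",\s+(?=\w+:\s)")


@dataclass
class FtdEvent:
    severity: int
    msg_id: str
    fields: Dict[str, str] = field(default_factory=dict)


def parse_ftd_event(line: str) -> Optional[FtdEvent]:
    """Parse one FTD syslog line into its message ID and key/value fields; None if not FTD."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    fields: Dict[str, str] = {}
    for chunk in FIELD_SPLIT_RE.split(m.group("body")):
        key, sep, value = chunk.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return FtdEvent(int(m.group("sev")), m.group("msg_id"), fields)


def classify(ev: FtdEvent) -> Optional[Tuple[str, str]]:
    """Return (alert_type, detail) for events that should raise an alert, else None."""
    f = ev.fields
    if ev.msg_id == "430001":                       # intrusion event
        return ("intrusion", f.get("Message", ""))
    if ev.msg_id == "430003" and f.get("AccessControlRuleAction") == "Block":
        return ("blocked_connection", f.get("AccessControlRuleName", ""))
    if ev.msg_id == "430005" and f.get("SHA_Disposition") == "Malware":
        return ("malware", f.get("ThreatName", ""))
    return None


def summarize(lines: List[str]) -> Dict[str, object]:
    """Build the alert list and dashboard-style counters from raw syslog lines."""
    alerts = []
    actions: Counter = Counter()   # blocked vs allowed connection counts
    by_src: Counter = Counter()    # alerting source IPs
    skipped = 0
    for line in lines:
        ev = parse_ftd_event(line)
        if ev is None:
            skipped += 1           # non-FTD noise on the same syslog feed
            continue
        if ev.msg_id == "430003":
            actions[ev.fields.get("AccessControlRuleAction", "Unknown")] += 1
        hit = classify(ev)
        if hit:
            alerts.append({"type": hit[0], "detail": hit[1],
                           "src": ev.fields.get("SrcIP"), "dst": ev.fields.get("DstIP"),
                           "proto": ev.fields.get("Protocol")})
            by_src[ev.fields.get("SrcIP", "?")] += 1
    return {"alerts": alerts, "actions": dict(actions),
            "by_src": dict(by_src), "skipped": skipped}


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LINES), indent=2))
```

The split-on-next-key approach matters in practice: splitting naively on every comma would truncate intrusion messages and classification strings, which is exactly the detail an analyst needs in the alert.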
Once Cisco FTD is configured to forward events to the EventTracker Manager, the alerts, dashboards, and reports can be configured in EventTracker.
The configuration details are consistent with EventTracker version 9.x and later, and Cisco FTD release 6.3 and above.
To configure Cisco FTD to send logs to EventTracker, refer to the How-To Guide.
For more information, refer to the Integration Guide.