Cisco SourceFire
Version: Cisco SourceFire 6.0.0
Sourcefire, Inc develops network security hardware and software. The company’s FirePOWER network security appliances are based on Snort, an open-source Intrusion Detection System (IDS).
Netsurion data source integration for Cisco SourceFire allows you to monitor the following components:-
- Operations – Correlation events.
- Security – IDS and IPS activity.
- Compliance – Inbound and outbound traffic.
Once Cisco Sourcefire is configured to deliver events to Netsurion Open XDR Manager; alerts, dashboards and reports can be configured into Netsurion Open XDR.
The following are the key Data Source Integration available in Netsurion Open XDR.
Alerts
| Type | Name | Description |
|---|---|---|
| Security | Cisco SourceFire – High priority alert generated | This alert is generated when alert priority is highest for the detected alert type. |
Reports
| Type | Name | Description |
|---|---|---|
| Security | Cisco SourceFire – IDS and IPS activity | This report provides the information related to IDS and IPS activity which include columns Event Time, Device Name, Priority Value, Protocol Type, Alert Impact, Alert Type, Alert Name, Source Address, Source Port, Source Location, Destination Address, Destination Port, Destination Location |
| Operations | Cisco SourceFire – Correlation Events | This report provides information related to Correlation events which include columns Event Time, Device Name, Source Address, Source Port, Destination Address, Destination Port, Protocol Type, Correlation Detail, Alert Name, Alert Type and Alert Impact. |
| Compliance | Cisco SourceFire – Inbound and outbound traffic | This report provides the information related to inbound and outbound traffic which include columns Event Time, Device Name,User Name, Connection Type, Source Address, Source Port, Destination Address, Destination Port, Application Protocol, Interface Ingress, Interface Egress, Rule Name, Action,URL Name, URL Category and URL Reputation. |
Documentation
The configuration details are consistent with Netsurion Open XDR 7.x and later, and Cisco SourceFire.
Download Integration Guide for configuration instructions and more information.