Skip to main content

 

 

Cisco Defense Orchestrator

Implementing Cisco Security Analytics and Logging (SaaS) for Secure Firewall Cloud Native Devices

Before you Begin 

Workflow to Implement Cisco Security Analytics and Logging (SaaS) and Send Events through the Secure Event Connector to the Cisco Cloud 

  1. Be sure to review "Before you Begin" above to make sure your environment is properly configured.
  2. Onboard a Secure Firewall Cloud Native Device using cluster endpoint, namespace, and token.   
  3. Send Secure Firewall Cloud Native Syslog Events to the Cisco Cloud.
  4. Configure NSEL for Secure Firewall Cloud Native Devices.
  5. Confirm events are visible in CDO. From the navigation bar, select Monitoring > Event Logging. Click the Live tab to view live events. 
  6. If you have a Firewall Analytics and Monitoring or Total Network Analytics and Monitoring license, continue with Analyzing Events in Secure Cloud Analytics. 

Analyzing Events in Cisco Secure Cloud Analytics

If you have a Firewall Analytics and Monitoring or Total Network Analytics and Monitoring license, perform the following in addition to the previous steps:

  1. Request a Secure Cloud Analytics Portal.
  2. Deploy one or more Secure Cloud Analytics sensors to your internal network if you purchased a Total Network Analytics and Monitoring license. See Secure Cloud Analytics Sensor Deployment for Total Network Analytics and Reporting.
  3. Invite users to create Secure Cloud Analytics user accounts, tied to their Cisco Single Sign-On credentials. See Monitoring Secure Cloud Analytics Alerts Generated from Firewall Events.
  4. Cross-launch from CDO to Secure Cloud Analytics to monitor the Secure Cloud Analytics alerts generated from Secure Firewall Cloud Native events. See Monitoring Secure Cloud Analytics Alerts Generated from Firewall Events.

Reviewing Cisco Secure Cloud Analytics Alerts by Cross-launching from CDO 

With a Firewall Analytics and Monitoring or Total Network Analytics and Monitoring license, you can cross-launch from CDO to Cisco Secure Cloud Analytics to review the alerts generated by Cisco Secure Cloud Analytics, based on Secure Firewall Cloud Native events.

Review these articles for more information:

Troubleshooting Secure Event Connector Issues 

Use these troubleshooting topics to gather status and logging information about 

Workflows 

Troubleshooting Using Security and Analytics Logging Events describes using the events generated from Cisco Security Analytics and Logging to determine why a user can't access a network resource.

See also Working with Alerts Based on Firepower Threat Defense Events.

  • Was this article helpful?