The Secure Event Connector (SEC) is a container that you install on an on-premises Secure Device Connector (SDC) that receives events from FTDs and forwards them to the Cisco Cloud. Cisco Defense Orchestrator (CDO) pulls events from the cloud and displays them on the Events page so that administrators can analyze them.
Before You Install the Secure Event Connector
- Purchase the Cisco Security and Analytics Logging, "Logging and Troubleshooting" license. Or, If you want to try it out first, log in to CDO, and on the main navigation bar, select Monitoring > Event Logging and click Request Trial.
- Make sure an on-premises SDC virtual machine has been installed and the Secure Connectors page indicates that it is online and in the Active state.
If you need to install an SDC, follow one of these procedures:
- Deploy an On-Premises Secure Device Connector Using CDO's VM Image
- Deploy an On-Premises Secure Device Connector from your own VM
- System Requirements - Assign additional CPUs and memory to the virtual machine running the SDC:
- CPU: Assign an additional 4 CPUs to accommodate the SEC.
- Memory: Assign an additional 8 GB of memory for the SEC.
Therefore a VM running the SDC and the SEC should be allocated a total of 6 CPU and 10 GB of memory.
After you have updated the CPU and memory on the VM to accommodate the SEC, power on the VM and ensure that the Secure Connectors page indicates that the SDC is in the "Active" state.
Procedure to Install the Secure Event Connector
- Log in to CDO.
- In the navigation pane, select Monitoring > Event Logging.
- Click the information button and click Setup Secure Event Connector.
- In step 1 of the wizard, click the link to Copy bootstrap data.
- Open a terminal window and log into the SDC as the "cdo" user.
- Once logged in, switch to the "sdc" user. When prompted for a password, enter the password for the "cdo" user. Here is an example of those commands:
[cdo@sdc-vm ~]$ sudo su sdc [sudo] password for cdo: <type password for cdo user> [sdc@sdc-vm ~]$
- At the prompt, run the sec.sh setup script:
[sdc@sdc-vm ~]$ /usr/local/cdo/toolkit/sec.sh setup
- At the end of the prompt, paste the bootstrap data you copied in step 4 and press Enter.
Please copy the bootstrap data from Setup Secure Event Connector page of CDO: KJHYFuYTFuIGhiJKlKnJHvHfgxTewrtwE RtyFUiyIOHKNkJbKhvhgyRStwterTyufGUihoJpojP9UOoiUY8VHHGFXREWRtygfhVjhkOuihIuyftyXtfcghvjbkhB=
After the SEC is onboarded, the sec.sh runs a script to check on the health of the SEC. If all the health checks are "green," the health check sends a sample event to the Event Log. The sample event shows up in the Event Log as a policy named "sec-health-check."
If you receive a message that the registration failed or that the SEC onboarding failed, go to Troubleshooting Secure Event Connector Onboarding Failures.