Configuring Security Rules to Send Events to the Secure Event Connector
To send events to the Secure Event Connector so that CDO can ultimately display them in its Events Logging viewer, you need to configure logging on individual access control rules, security intelligence rules, and SSL decryption rules:
- Access Control Rules. You can log connection events at the beginning or end of a network connection. See Configure the Firepower Threat Defense Access Control Policy and Logging Settings in a Firepower Threat Defense Access Control Rule for more information about configuring logging for this rule type.
- Security Intelligence Rules. You can log connection events generated by the Security Intelligence rules. If you enable logging, any matches to blocked list entries are logged. Matches to exception entries are not logged, although you get log messages if exempted connections match access control rules with logging enabled. See Configure the Firepower Security Intelligence Policy for more information about configuring logging.
- SSL Decryption Rules. You can log connection events generated by SSL decryption rules.