To view FTD events from access control rules, security intelligence rules, and SSL decryption rules in the Event Logging viewer, you first need to send those events to the Cisco cloud.
- Access Control Rules. You can log connection events at the beginning or end of a network connection. See Configure the Firepower Threat Defense Access Control Policy and Logging Settings in a Firepower Threat Defense Access Control Rule for more information about configuring logging for this rule type.
- Security Intelligence Rules. You can log connection events generated by the Security Intelligence rules. If you enable logging, any matches to blocked list entries are logged. Matches to exception entries are not logged, although you get log messages if exempted connections match access control rules with logging enabled. See Configure the Firepower Security Intelligence Policy for more information about configuring logging.
- SSL Decryption Rules. You can log connection events generated by SSL decryption rules.
If you are sending file and malware events or intrusion events events to the Cisco cloud and you are using a Secure Event Connector, you need to configure logging settings for the device.