Skip to main content

 

 

Cisco Defense Orchestrator

Monitoring Stealthwatch Cloud Alerts Generated from Firepower Threat Defense Events

Viewing Security Alerts from Cisco Defense Orchestrator

Required License: Firewall Analytics and Monitoring or Total Network Analytics and Monitoring

While you can review your Firepower Threat Defense (FTD) events on the Events logging page, you cannot review Stealthwatch Cloud (SWC) alerts from the CDO portal UI. You can cross-launch from CDO to the SWC portal using the Security Analytics menu option, and view alerts generated from FTD connection event data (and from network flow data if you enabled Total Network Analytics and Monitoring). The Security Analytics menu option displays a badge with the number of SWC alerts in an open workflow status, if 1 or more are open.

If you use a Security Analytics and Logging license to generate SWC alerts, and you provisioned a new SWC portal, log into CDO, then cross-launch to SWC using Cisco Secure Sign-On. You can also directly access your SWC portal through URL.

See https://www.cisco.com/c/en/us/products/security/secure-sign-on/index.html for more information on Cisco Secure Sign-On.

Inviting Users to Join Your SWC Portal

The initial user to request the SWC portal provision has administrator privileges in the SWC portal. That user can invite other users by email to join the portal. If these users do not have Cisco Secure Sign-On credentials, they can create them using the link in the invite email. Users can then use Cisco Secure Sign-On credentials to log in during the cross-launch from CDO to SWC.

To invite other users to your SWC portal by email:

  1. Log into your SWC portal as an administrator.
  2. Select Settings > User Management.
  3. Enter an Email address.
  4. Click Send Invite.

Cross-Launching from CDO to SWC

To view security alerts from CDO:

  1. Log into the CDO portal.
  2. Select Monitoring > Security Analytics from the navigation bar.
  3. In the SWC interface, select Alerts.