Requirements, Guideline, and Limitations for the SAL (SaaS) Integration



Cisco Secure Firewall Threat Defense

  • CDO-managed standalone threat defense devices, Version, 7.2 and later.

  • To send events using syslog, you must have threat defense, Version 6.4 or later.

  • To send events directly, you must have threat defense Version, 7.2 or later.

  • Your firewall system must be deployed and successfully generating events.

Regional cloud

  • Determine the regional cloud that you want to send events to.

  • Events cannot be viewed from or moved between different regional clouds.

  • If you use a direct connection to send events to the cloud for integration with Cisco SecureX or Cisco SecureX threat response, you must use the same cloud region for this integration.

  • If you send events directly, the regional cloud you specify in CDO must match the region of your CDO tenant.

Data plan

  • You must buy a data plan that reflects the number of events the Cisco cloud receives from your threat defense devices daily. This is called your daily ingest rate.

  • Use the Logging Volume Estimator Tool to estimate your data storage requirements.


When you purchase a license for this integration, you are provided with a CDO tenant account to support the integration.