Requirements, Guideline, and Limitations for the SAL (SaaS) Integration


Type	Description
Cisco Secure Firewall Threat Defense	CDO-managed standalone threat defense devices, Version, 7.2 and later. To send events using syslog, you must have threat defense, Version 6.4 or later. To send events directly, you must have threat defense Version, 7.2 or later. Your firewall system must be deployed and successfully generating events.
Regional cloud	Determine the regional cloud that you want to send events to. Events cannot be viewed from or moved between different regional clouds. If you use a direct connection to send events to the cloud for integration with Cisco SecureX or Cisco SecureX threat response, you must use the same cloud region for this integration. If you send events directly, the regional cloud you specify in CDO must match the region of your CDO tenant.
Data plan	You must buy a data plan that reflects the number of events the Cisco cloud receives from your threat defense devices daily. This is called your daily ingest rate. Use the Logging Volume Estimator Tool to estimate your data storage requirements.
Accounts	When you purchase a license for this integration, you are provided with a CDO tenant account to support the integration.