How Catalyst SD-WAN router shares events with Security Cloud Control Firewall Management
This diagram describes how Catalyst SD-WAN shares security events with Security Cloud Control Firewall Management.
| Step | Description |
|---|---|
| 1 | A remote user accesses the network, and the Catalyst SD-WAN device generates an event log for the corresponding traffic. The device then exports the event data to a PSV file and sends it to Catalyst SD-WAN Manager. |
| 2 | Catalyst SD-WAN Manager sends the event data to the SD-WAN Analytics cloud. |
| 3 | SD-WAN Analytics stores the event data in the cloud to make it accessible for Security Services Exchange and notifies Security Services Exchange. After receiving the notification from SD-WAN Analytics cloud, Security Services Exchange downloads the event data from SD-WAN AWS cloud. |
| 4 | Security Services Exchange converts the event data from PSV to JSON format and sends it to Cisco Security Analytics and Logging (SaaS). |
| 5 | Security Analytics and Logging (SaaS) processes the event data using various services to classify and enrich it for use by Security Cloud Control. Security Analytics and Logging (SaaS) stores the event data in the cloud data store. The event viewer queries this data store to provide security operations center (SOC) analysts with relevant event data. |
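The PSV-to-JSON conversion in step 4, sketched as an added example (not Cisco's implementation). It assumes PSV means pipe-separated values with a header row; the column names and sample rows are constructed, since this page does not give the schema. Rows whose field count does not match the header are rejected and reported rather than converted, so a truncated or padded record cannot shift values into the wrong event field.

```python
import csv
import io
import json

# Constructed sample data: hypothetical columns, not the product's real schema.
SAMPLE_PSV = (
    "timestamp|device_id|src_ip|dst_ip|action|rule\n"
    "2024-05-01T10:15:00Z|edge-01|10.1.1.20|203.0.113.7|block|geo-deny\n"
    "2024-05-01T10:15:02Z|edge-01|10.1.1.21|198.51.100.9|allow\n"         # one field short
    "2024-05-01T10:15:03Z|edge-02|10.1.2.5|192.0.2.44|alert|ips|extra\n"  # one field extra
)


def psv_to_json_events(psv_text):
    """Convert PSV text to JSON event strings.

    Returns (events, rejects): events is a list of JSON strings, rejects is a
    list of (line_number, reason) for rows that were not converted.
    """
    # QUOTE_NONE: treat quote characters as data so a stray '"' in a field
    # cannot swallow the following delimiters.
    reader = csv.reader(io.StringIO(psv_text, newline=""),
                        delimiter="|", quoting=csv.QUOTE_NONE)
    header = next(reader, None)
    if not header or any(not name.strip() for name in header):
        raise ValueError("missing or malformed header row")

    events, rejects = [], []
    for fields in reader:
        if not fields:  # blank line
            continue
        if len(fields) != len(header):
            rejects.append((reader.line_num,
                            f"expected {len(header)} fields, got {len(fields)}"))
            continue
        events.append(json.dumps(dict(zip(header, fields)), sort_keys=True))
    return events, rejects


if __name__ == "__main__":
    converted, rejected = psv_to_json_events(SAMPLE_PSV)
    for event in converted:
        print(event)
    for line_no, reason in rejected:
        print(f"rejected line {line_no}: {reason}")
```

A pipeline built this way should count and alert on rejected rows, because silently dropped records are gaps in what the event viewer can show an analyst.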