Configure SAL (OnPrem) Integration

You can configure CDO to send events to the Secure Network Analytics appliance using one of the following deployment options:

  • Secure Network Analytics Manager Only—Deploy a standalone manager to receive and store events. The threat defense devices send event data to the Network Analytics Manager. All event data is stored on the Network Analytics Manager. From the management center user interface, you can cross-launch the manager to view more information about the stored events.

  • Secure Network Analytics Data Store—Deploy a Cisco Secure Network Analytics Flow Collector to receive events, a Cisco Secure Network Analytics Data Store (containing 3 Cisco Secure Network Analytics Data Nodes) to store events, and a manager. The threat defense devices send event data to the flow collector, which forwards the events to the Data Store for storage. From the management center user interface, you can cross-launch the manager to view more information about the stored events.

    Starting with threat defense version 7.2, you can choose to associate different flow collectors to different devices.