Requirements, Guidelines, and Limitations for the SAL (SaaS) Integration

Type

Description

Cisco Secure Firewall Threat Defense

  • CDO-managed standalone threat defense devices, Version 7.2 and later.

  • To send events using syslog, you must have threat defense device version 6.4 or later.

  • To send events directly, you must have threat defense device version 7.2 or later.

  • To optionally exclude threat defense devices from sending events directly, you must have threat defense device version 7.4.1 or later.

  • Your firewall system must be deployed and successfully generating events.

Regional cloud

  • Determine the regional cloud that you want to send events to.

  • Events cannot be viewed from or moved between different regional clouds.

  • If you use a direct connection to send events to the Cisco Security Cloud for integration with Cisco SecureX, Cisco SecureX threat response, or Cisco XDR, you must use the same cloud region for this integration.

  • If you send events directly, the regional cloud you specify in CDO must match the region of your CDO tenant.

Data plan

  • You must buy a data plan that reflects the number of events the Cisco cloud receives from your threat defense devices daily. This is called your daily ingest rate.

  • Use the Logging Volume Estimator Tool to estimate your data storage requirements.

Accounts

When you purchase a license for this integration, you are provided with a CDO tenant account to support the integration.

Connectivity

The threat defense devices must be able to connect outbound on port 443 to the Cisco Security Cloud at the following addresses:

  • US region:

    • api-sse.cisco.com

    • mx*.sse.itd.cisco.com

    • dex.sse.itd.cisco.com

    • eventing-ingest.sse.itd.cisco.com

    • registration.us.sse.itd.cisco.com

    • defenseorchestrator.com

    • edge.us.cdo.cisco.com

  • EU region:

    • api.eu.sse.itd.cisco.com

    • mx*.eu.sse.itd.cisco.com

    • dex.eu.sse.itd.cisco.com

    • eventing-ingest.eu.sse.itd.cisco.com

    • registration.eu.sse.itd.cisco.com

    • defenseorchestrator.eu

    • edge.eu.cdo.cisco.com

  • Asia (APJC) region:

    • api.apj.sse.itd.cisco.com

    • mx*.apj.sse.itd.cisco.com

    • dex.apj.sse.itd.cisco.com

    • eventing-ingest.apj.sse.itd.cisco.com

    • registration.apj.sse.itd.cisco.com

    • apj.cdo.cisco.com

    • edge.apj.cdo.cisco.com

  • Australia region:

    • api.aus.sse.itd.cisco.com

    • mx*.aus.sse.itd.cisco.com

    • dex.au.sse.itd.cisco.com

    • eventing-ingest.aus.sse.itd.cisco.com

    • registration.au.sse.itd.cisco.com

    • aus.cdo.cisco.com

  • India region:

    • api.in.sse.itd.cisco.com

    • mx*.in.sse.itd.cisco.com

    • dex.in.sse.itd.cisco.com

    • eventing-ingest.in.sse.itd.cisco.com

    • registration.in.sse.itd.cisco.com

    • in.cdo.cisco.com
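
The following is an added example, not part of the Cisco documentation: a small Python audit that checks an upstream egress allowlist against the per-region endpoints listed above and reports which required names are not covered. The names `REQUIRED`, `covers` and `missing_endpoints`, and the allowlist syntax (exact FQDNs or leading `*.` suffix wildcards), are assumptions made for the example.

```python
# Required outbound TCP 443 endpoints per region, copied from the list above.
REQUIRED = {
    "US": """api-sse.cisco.com mx*.sse.itd.cisco.com dex.sse.itd.cisco.com
        eventing-ingest.sse.itd.cisco.com registration.us.sse.itd.cisco.com
        defenseorchestrator.com edge.us.cdo.cisco.com""".split(),
    "EU": """api.eu.sse.itd.cisco.com mx*.eu.sse.itd.cisco.com dex.eu.sse.itd.cisco.com
        eventing-ingest.eu.sse.itd.cisco.com registration.eu.sse.itd.cisco.com
        defenseorchestrator.eu edge.eu.cdo.cisco.com""".split(),
    "APJC": """api.apj.sse.itd.cisco.com mx*.apj.sse.itd.cisco.com dex.apj.sse.itd.cisco.com
        eventing-ingest.apj.sse.itd.cisco.com registration.apj.sse.itd.cisco.com
        apj.cdo.cisco.com edge.apj.cdo.cisco.com""".split(),
    "Australia": """api.aus.sse.itd.cisco.com mx*.aus.sse.itd.cisco.com dex.au.sse.itd.cisco.com
        eventing-ingest.aus.sse.itd.cisco.com registration.au.sse.itd.cisco.com
        aus.cdo.cisco.com""".split(),
    "India": """api.in.sse.itd.cisco.com mx*.in.sse.itd.cisco.com dex.in.sse.itd.cisco.com
        eventing-ingest.in.sse.itd.cisco.com registration.in.sse.itd.cisco.com
        in.cdo.cisco.com""".split(),
}


def covers(allow_entry, required):
    """True if one allowlist entry permits every name the required entry can take."""
    allow = allow_entry.lower().rstrip(".")
    required = required.lower().rstrip(".")
    if allow == required:
        return True
    # "*.example.com" permits any name below example.com (not example.com itself).
    # Any other wildcard form counts as not covering, so the audit fails closed.
    suffix = allow[1:]
    return allow.startswith("*.") and "*" not in suffix and required.endswith(suffix)


def missing_endpoints(region, allowlist):
    """Return the required endpoints for `region` that no allowlist entry covers."""
    return [host for host in REQUIRED[region]
            if not any(covers(entry, host) for entry in allowlist)]


if __name__ == "__main__":
    # Constructed sample allowlist: two broad wildcards that look sufficient.
    sample = ["*.sse.itd.cisco.com", "*.cdo.cisco.com"]
    for region in REQUIRED:
        print(region, "missing:", missing_endpoints(region, sample))
```

With the constructed sample allowlist, the US and EU regions still report gaps, because `api-sse.cisco.com`, `defenseorchestrator.com` and `defenseorchestrator.eu` sit outside both wildcard suffixes.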