Configure a Secure Network Analytics Manager
Configure the Secure Network Analytics Manager deployment to integrate SAL (OnPrem) with CDO-managed threat defense devices.
Before you begin
Ensure the following:
-
You have a provisioned CDO tenant and have the following CDO user roles:
-
Admin
-
Super admin
-
-
Your threat defense devices are working as expected and are generating events.
-
If you are currently using syslog to send events to the Secure Network Analytics Manager from device versions that support sending events directly, disable syslog for those devices (or assign those devices an access control policy that does not include syslog configurations) to avoid duplicating events on the remote volume.
-
You have the hostname or the IP address of your Secure Network Analytics Manager.
Note | You may be logged out of the Secure Network Analytics Manager during the registration process; complete any work in progress before you start with the deployment wizard. |
Procedure
Step 1 | Log in to CDO. | ||
Step 2 | From the CDO menu, navigate . | ||
Step 3 | Select Firewall Management Center and click Configuration. | ||
Step 4 | Navigate to . | ||
Step 5 | In the Secure Network Analytics Manager Only widget, click Start. | ||
Step 6 | Enter the hostname or the IP address and port number of the Secure Network Analytics Manager and click Next. | ||
Step 7 | Deploy the changes to the managed devices. The event data is not logged to the SAL (OnPrem) until the logging policy changes are deployed to the registered threat defense devices.
| ||
Step 8 | Click OK. |