Send Cloud-delivered Firewall Management Center-Managed Event Logs to SAL (SaaS) Using a Direct Connection

Configure the cloud-delivered Firewall Management Center to send events directly to SAL (SaaS). Follow this procedure to enable the Cisco cloud event global setting in the cloud-delivered Firewall Management Center. When needed, you can exclude individual FTD devices from sending event logs to SAL (SaaS). For more information, see Enable or Disable Threat Defense Devices to Send Event logs to SAL (SaaS) Using a Direct Connection.

Before you begin

  • Onboard devices to the cloud-delivered Firewall Management Center, assign licenses to these devices, and configure these devices to send events directly to SAL (SaaS).

  • Enable connection logging on a per-rule basis by editing a rule and choosing the Log at Beginning of Connection and Log at End of Connection options.

Procedure


Step 1

Log in to CDO.

Step 2

In the left pane, click Tools & Services > Firewall Management Center.

Step 3

Click Cloud-Delivered FMC, and in the System pane that is located at the right-side, click Cisco Cloud Events.

Step 4

In the Configure Cisco Cloud Events widget, do the following:

  1. Click the Send Events to the Cisco Cloud toggle button to enable the overall configuration.

  2. Check the Send Intrusion Events to the cloud check box to send the intrusion events to the cloud.

  3. Check the Send File and Malware Events to the cloud check box to send the file and malware events to the cloud.

  4. Choose an option to send the connection events to the cloud:

    • Click the None radio button to not send connection events to the cloud.

    • Click the Security Events radio button to send only security intelligence events to the cloud.

    • Click the All radio button to send all the connection events to the cloud.

  5. Click Save.