Multicloud Defense User Guide
About Multicloud Defense
About Multicloud Defense
Multicloud Defense Naming Conventions
Supported Regions
Recommended Versions of Multicloud Defense Components
Third Party Product Support and Versioning
Multicloud Defense in Cisco Security Provisioning and Administration
Multicloud Defense Components
Multicloud Defense Controller Dashboard
My Profile Information
Multicloud Defense 90-Day Free Trial
Setup with the Multicloud Defense Wizard
Setup with the Multicloud Defense Wizard
Connect Cloud Account
Connect AWS Account
Connect Azure Account
Connect Google Cloud Platform Account
Connect to an OCI Account
Prepare Your OCI Account
Connect Oracle Account
Enable Traffic Visibility
Enable Traffic for an AWS Account
Enable Traffic for an Azure Account
Enable Traffic for a GCP Project
Secure Your Account
Centralized Model: Add a VPC or VNet
Distributed Model
Azure Distributed Model: Create a Gateway
Account Onboarding
AWS
AWS Overview
Connect AWS Account to Multicloud Defense Controller from the Multicloud Defense Dashboard
CloudFormation Outputs
Roles Created by Multicloud Defense
MCDControllerRole
MCDGatewayRole
MCDInventoryRole
InventoryMonitorRule
Azure
Prepare Your Azure Account
Register Application in Microsoft Entra ID
Create a custom role to assign to the Application
Connect an Azure Subscription to the Multicloud Defense Controller from the Multicloud Defense Dashboard
VNet Route Tables for your Azure Subscription
Roles Created by Multicloud Defense
Azure IAM Roles
Post-Onboarding Procedures
Azure VNet Setup
Subnets
Security Groups
Launch ARM Template
GCP
GCP Overview
Create a GCP Controller Service Account
Create a GCP Firewall Service Account
Connect a GCP Project to the Multicloud Defense Controller from the Multicloud Defense Dashboard
Roles Created by Multicloud Defense
GCP IAM Roles
OCI
Prepare Your OCI Account
Connect the Oracle OCI Tenant to the Multicloud Defense Controller from the Multicloud Defense Dashboard
Remove a Cloud Service Provider From Multicloud Defense
Delete a GCP Project From Multicloud Defense
Delete an AWS Account From Multicloud Defense
Delete an Azure Account From Multicloud Defense
Delete an OCI Account From Multicloud Defense
Discovery
Asset and Inventory Discovery
Discovery Summary
Inventory
Applications
Discovered Assets
Enable Asset Discovery and Inventory
Security Insights
Types of Security Insights
Security Groups
Application Security Groups
Network ACL
Subnets
Route Tables
Network Interfaces
VPCs\VNets
Applications
Load Balancers
Instances
Tags
Certificates
Topology
Insights
Rules and Findings
Rules and Findings
Pre-Defined Rules
Custom Rules
Findings
Multicloud Defense Gateway
Manage Multicloud Defense Gateways
Overview
Supported Gateway Use Cases
Egress
Ingress
East-West
Distributed
Centralized / Hub
Advanced Gateway Configuration: Use Your Own Load Balancer
Gateways Details
Configure Multicloud Defense Gateway and VPC/VNets
Create a Service VPC or VNet
Secure Spoke VPC or VNet
Manage the Service VPC/VNet
Export a Spoke VPC or VNet
Delete a Spoke VPC or VNet
Before You Begin
Resources Created by Multicloud Defense
Add a Multicloud Defense Gateway
Manage Your Gateway
Edit a Multicloud Defense Gateway
Upgrade the Multicloud Defense Gateway
Abort a Multicloud Defense Gateway
Enable a Multicloud Defense Gateway
Disable a Multicloud Defense Gateway
Export a Multicloud Defense Gateway
Delete a Multicloud Defense Gateway
Site-to-Site VPN Tunnel Connection
Prerequisites and Limitations for Site-to-Site VPN Tunnels
Enable VPN Within the Gateway
Create a Site-to-Site VPN Connection
Edit a Site-to-Site VPN Tunnel
Clone a Site-2-Site VPN Tunnel Connection
Delete a VPN Tunnel Connection
Security Policies
Advanced Policy Settings
Rules and Rule Sets
Rules
Policy Management
Policy Rule Set Gateway and Management
Rule Sets and Rule Set Groups
Create Policy Rule Set
Create a Rule in a Rule Set
Add or Edit a Forwarding Rule in a Rule Set
Add or Edit a Reverse Proxy Rule in a Rule Set
Add or Edit a Forward Proxy Rule in a Rule Set
Disable, Edit, Clone, or Delete Rules in a Rule Set
Create a Policy Rule Set Group
Shared Objects
About the Multicloud Defense Connector
Import Objects From Security Cloud Control
Address Objects
Address Objects
Src/Dest
Dynamic Cloud Constructs
Geo IP
Group
Source or Destination Address Object Parameters
Reverse Proxy Target Address Object
Reverse Proxy Target Address Object Parameters
System Objects
Create a Source/Destination Address Object
Create a Reverse Proxy Target Address Object
Edit Address Objects
Clone Address Objects
Delete Address Object
View Details
FQDN Objects
FQDN Match Object
Standalone vs. Group
Create Standalone FQDN Match Object
Create Group FQDN Match Object
Associate the Object
Service Objects
Reverse Proxy Service Object (Ingress)
Forward Proxy Service Object (Egress / East-West)
Forwarding Service Object (Egress / East-West)
Certificates and Keys
Certificates and Keys
Import Certificate
AWS - KMS
AWS - Secrets Manager
Azure Key Vault
GCP - Secret Manager
Server Certificate Validation
Server Certificate Validation in the TLS Decryption Profile
Server Certificate Validation in the FQDN Service Object
Certificate and Keys Tech Notes
Generate a Self-Signed Root CA
Generate a Certificate Signed by your Self-Signed Root CA
Generate an Intermediate CA Signed by Your Root CA
App Certificate signed using the Intermediate CA
Install Root CA as Trusted CA on the Hosts
Traffic Discovery and Visibility
Types of Traffic
Enable DNS Logs
AWS: Enable DNS Logs
GCP: Enable DNS Logs
Azure: DNS Logs
Enable VPC Flow Logs
AWS: Enable VPC Flow Logs
GCP: Enable VPC Flow Logs
Azure: Enable NSG Flow Logs
Profiles for Security and Gateway
Security Profiles
Decryption Profile
Create a Decryption Profile
Network Intrusion (IDS/IPS) Profile
Create an IPS/IDS Profile
Data Loss Prevention (DLP) Profile
Create a Data Loss Prevention Profile
Anti-Malware Profile
Create an Anti-Malware Profile
Web Application Firewall (WAF) Profile
Create WAF Profile
Event Filtering
Create L7 DoS Profile
URL (Uniform Resource Locator) Filter Profile
Create the URL Filtering Profile
Fully Qualified Domain Name Filter Profile
Create a Standalone FQDN Filter Profile
Create a Group FQDN Filter Profile
Malicious IP Profile
Create a Malicious IP Profile
IP Reputation
Gateway Profiles
Packet Capture Profile
Create a Packet Capture Profile
Log Forwarding Profile
Create a Standalone Log Forwarding Profile
Create a Log Forwarding Group
Gateway Metrics Forwarding Profile
Create a Standalone Metrics Forwarding Profile
Create a Group Metrics Forwarding Profile
Network Time Protocol Profile
Create a Profile
IPSec Profile
Create an IPSec Profile
BGP Profile
Create a BGP Profile
Profile Actions
View Profile Details
Edit a Standalone Metrics Forwarding Profile
Edit a Group Profile
Add a Gateway Association to a Profile
Remove a Gateway Association
Delete a Profile
FQDN and URL Filtering Categories
FQDN / URL Filtering Categories
Malicious Categories
Full List of Categories
Associating a Filtering Profile with a Policy Ruleset Rule
Cisco Talos Intelligence URL / IP Lookup Tool
Investigate and Analysis
Investigate summary page
Flow Analytics
Flow Analytics - Traffic Summary
Flow Analytics - All Events
Event Logs
Firewall Events
Network Threats
Web Attacks
URL Filtering
FQDN Filtering
HTTPS Logs
VPN Logs
Network Analytics
Stats
Total Bandwidth
CPU Usage
Memory Usage
Connection Rate
HTTP Request Rate
System Status
Audit Logs
Search Filter
System Logs
Search Filter
Threat Research
Threat Research
Network Intrusion
Web Protection
Malicious Sources
Cloud Visibility Reports
Cloud Visibility Reports
Generate a Discovery Report
Generate a Threat And Cloud Analytics Report
Alerting and Log Forwarding
Alerting Overview
Alert Services Overview
Alert Destinations / SIEMs
Datadog
Create an Alert Profile Service
Create an Alert Rule
Microsoft Sentinel
Create an Alert Profile Service
Create an Alert Rule
PagerDuty
Create an Alert Profile Service
Create an Alert Rule
ServiceNow
Create an Alert Profile Service
Create an Alert Rule
Slack
Create an Alert Profile Service
Create an Alert Rule
Webex
Create an Alert Profile Service
Create an Alert Rule
Splunk
Create a Splunk Profile Service
Create a Splunk Rule
Log Forwarding Overview
Security Events and Traffic Logs
Create a Standalone Event or Traffic Log Profile
Edit a Standalone Event or Traffic Log Profile
Create a Group Event or Traffic Log Profile
Edit a Group Event or Traffic Log Profile
View an Event or Traffic Log Forwarding Profile
Delete an Event or Traffic Log Profile
Discovery Logs
Create a Standalone Discovery Log Profile
Edit a Standalone Discovery Log Profile
Create a Group Discovery Log Profile
Edit a Group Discovery Log Profile
View Discovery Log Profile Details
Add a Discovery Log Profile with a Cloud Account
Remove a Discovery Log Profile from a Cloud Account
Delete a Discovery Log Profile
Gateway Metrics Forwarding Profile
Create a Standalone Metrics Forwarding Profile
Edit a Standalone Metrics Forwarding Profile
Create a Group Metrics Forwarding Profile
Edit a Group Profile
Delete a Profile
Add an Event, Traffic Log Forwarding Profile, or Metrics Forward Profile to a Gateway
Remove an Event, Traffic Log Forwarding Profile, or Metrics Forward Profile from a Gateway
Log Forwarding Destinations / SIEMs
AWS S3 Bucket
Datadog
GCP Logging
Microsoft Sentinel
Splunk
Sumo Logic
Syslogs
Webhook
Administration
Management
Management
API Keys
Create an API Key in Multicloud Defense
Delete an API Key from Multicloud Defense
Account Level Settings
Application Tags
Create an Application Tag
Edit an Application Tag
Delete an Application Tag
Custom Tags
Create a Custom Tag
Edit a Custom Tag
Delete a Custom Tag
System
Metering
Alert Profiles
Services
Create a Service
Edit a Service
Clone a Service
Export a Service
Delete a Service
Alerts
Create an Alert
Edit an Alert
Clone an Alert
Export an Alert
Delete an Alert
Manage Your Multicloud Defense Account
Manage Your Multicloud Defense Account
Account (Multicloud Defense Tenant)
User Roles in Security Cloud Control
Roles in Multicloud Defense
Cloud Accounts
Cloud Accounts
Add Account
Manage Inventory
Edit a Cloud Account
Update Log Profile for a Cloud Account
Export a Cloud Account
Delete a Cloud Account
Inventory
Certificates and Awards
Compliance Certificates
Troubleshoot Your Account
Troubleshoot Connecting Your Account
Manually Onboard an Account
Manually Onboard a GCP Project
GCP Overview
Service Accounts
Create Multicloud Defense Controller Service Account Using GCP Cloud Console
Create a Multicloud Defense Firewall Service Account Using the GCP Cloud Console
Enable API
Enable API-Using the GCP Cloud Console
VPC Setup
VPC and Subnets
Sample VPC and Subnets using CLI
Network Tags (for GCP Gateways)
Gateway Creation
Manually Onboard an Azure Subscription
(Optional) User-assigned Managed Identity for Key Vault and Blob Storage access
Register Application in Microsoft Entra ID
Create a custom role to assign to the Application
Required Values For Multicloud Defense Controller Onboarding
Accept Marketplace Terms
Graceful Termination of Connections
Terraform Onboarding Scripts for Cloud Accounts
About Terraform
Terraform Repository
Exporting Configuration as Terraform Block