Cisco Firepower Threat Defense
The IBM QRadar DSM for Cisco Firepower Threat Defense (FTD) collects syslog events from a Cisco Firepower Threat Defense appliance. The syslog events that are collected by the Cisco Firepower Threat Defense DSM were previously collected by the Cisco Firepower Management Center DSM.
QRadar collects the following event types from Cisco Firepower Threat Defense appliances:
- Device health and network-related logs from FTD devices
- Connection, security intelligence, and intrusion logs from FTD devices
- Logs for file and malware events
To integrate Cisco Firepower Threat Defense with QRadar, complete the following steps:
- If automatic updates are not enabled, RPMs are available for download from the IBM® support website (http://www.ibm.com/support). Download and install the most recent version of the following RPMs on your QRadar Console:
  - DSM Common RPM
  - Cisco Firepower Threat Defense DSM RPM
  - Cisco Firewall Devices DSM RPM
- Configure your Cisco Firepower Threat Defense device to send events to QRadar. For more information, see Configuring Cisco Firepower Threat Defense to communicate with QRadar®.
- If QRadar does not automatically detect the log source, add a Cisco Firepower Threat Defense log source on the QRadar Console.