Add the eStreamer App to the Data Collector
Add the eStreamer app to the Taegis™ XDR Collector to retrieve all security event logs from your Cisco Firepower Threat Defense (FTD) device.
For more information on creating the needed certificate to add the eStreamer app, see the Cisco FTD Firewall guide.
Data Provided from Integration
Antivirus | Auth | DHCP | DNS | Encrypt | Filemod | HTTP | Management | Netflow | NIDS | Process | Thirdparty | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
eStreamer via eNCore | D | D, V |
Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections
Note
XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.
Add eStreamer to an Existing XDR Collector
To add the eStreamer app to an existing XDR Collector, follow these steps:
Add eStreamer App
- From Secureworks® Taegis™ XDR, select Integrations > Data Collectors. The Data Collectors page displays.
- Select a card from the summary card view or the collector name from the table view for the collector to which you would like to add the eStreamer app. The Collector Details page displays.
- Scroll down to the Applications section, and select the gear icon for eStreamer from the Actions column.
- Enter the Connection information.
  - Hostname or IP Address: FMC Management Interface
  - Port: 8302
- Upload the eStreamer certificate and enter the certificate password.
- Select Save when complete.
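
A pre-flight check for the certificate, password, and port entered in the steps above, added here as an example and not part of the Secureworks or Cisco documentation. It assumes the eStreamer certificate is a PKCS#12 file, that OpenSSL, bash, and coreutils `timeout` are installed, and that it runs on a host with the same network path to the FMC as the collector; the function names and the `ESTREAMER_P12_PASS` variable are hypothetical.

```shell
#!/bin/sh
# Added example: validate the eStreamer certificate and FMC port before upload.
# Assumption: the certificate is PKCS#12. The password is read from the
# exported ESTREAMER_P12_PASS variable so it never appears in the process
# list or in shell history.

# check_estreamer_cert FILE
# Returns 0 only if the password opens FILE, a private key is present, and
# the client certificate has not expired. Returns 1 otherwise.
check_estreamer_cert() {
    p12=$1
    [ -r "$p12" ] || { echo "cannot read $p12" >&2; return 1; }
    [ -n "${ESTREAMER_P12_PASS+x}" ] || { echo "ESTREAMER_P12_PASS not set" >&2; return 1; }

    # A wrong password or a corrupt file fails at this step.
    openssl pkcs12 -in "$p12" -passin env:ESTREAMER_P12_PASS -noout 2>/dev/null \
        || { echo "password rejected or file is not PKCS#12" >&2; return 1; }

    # The key stays in the pipe; it is never written to disk or a variable.
    openssl pkcs12 -in "$p12" -passin env:ESTREAMER_P12_PASS -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY' \
        || { echo "no private key in $p12" >&2; return 1; }

    # The certificate is public, so holding it in a variable is acceptable.
    cert=$(openssl pkcs12 -in "$p12" -passin env:ESTREAMER_P12_PASS -clcerts -nokeys 2>/dev/null)
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate \
        || { echo "no client certificate in $p12" >&2; return 1; }
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired" >&2; return 1; }
}

# check_fmc_port HOST [PORT]
# Returns 0 if a TCP connection to HOST on PORT (default 8302, the port
# given in the steps above) completes within 5 seconds.
check_fmc_port() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "${2:-8302}" 2>/dev/null
}

# Usage (placeholder values):
#   export ESTREAMER_P12_PASS; read -r ESTREAMER_P12_PASS
#   check_estreamer_cert ./estreamer-client.pkcs12 && check_fmc_port <fmc-host>
```

A successful port check from a workstation does not prove the collector can reach the FMC if the two sit in different network segments.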