Add the eStreamer App to the Data Collector



Add the eStreamer app to the Taegis™ XDR Collector to retrieve all security event logs from your Cisco Firepower Threat Defense (FTD) device.

For more information on creating the needed certificate to add the eStreamer app, see the Cisco FTD Firewall guide.

Data Provided from Integration

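| | Antivirus | Auth | DHCP | DNS | Email | Encrypt | Filemod | HTTP | Management | Netflow | NIDS | Process | Thirdparty |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| eStreamer via eNCore | | | | | | | | | | D | D, V | | |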

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Add eStreamer to an Existing XDR Collector

To add the eStreamer app to an existing XDR Collector, follow these steps:

Add eStreamer App


  1. From Secureworks® Taegis™ XDR, select Integrations > Data Collectors. The Data Collectors page displays.
  2. Select a card from the summary card view or the collector name from the table view for the collector to which you would like to add the eStreamer app. The Collector Details page displays.
  3. Scroll down to the Applications section, and select the gear icon for eStreamer from the Actions column.
  4. Enter the Connection information.
    • Hostname or IP Address: FMC Management Interface
    • Port: 8302
  5. Upload the eStreamer certificate and enter the certificate password.
  6. Select Save when complete.
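
A pre-flight check for steps 4 and 5, added here as an example and not part of the Secureworks or Cisco documentation: it confirms that the certificate file opens with the password, that the client certificate is not about to expire, and that the FMC accepts TCP connections on port 8302. It assumes the certificate is a PKCS#12 bundle and that openssl and nc are installed; the file name and hostname in the usage comment are placeholders.

```sh
#!/bin/sh
# Pre-flight checks before uploading an eStreamer certificate to the collector.
# Assumptions (not from the page): the certificate is a PKCS#12 bundle, and
# openssl and nc are available on the workstation running this script.

# check_bundle FILE [MIN_DAYS]
# The password is read from the P12_PASS environment variable so it never
# shows up in the process list. Return codes:
#   0 = bundle opens and the client certificate is valid for MIN_DAYS more days
#   1 = file unreadable, wrong password, or not a PKCS#12 bundle
#   2 = client certificate expired or expiring within MIN_DAYS
check_bundle() {
    file=$1
    min_days=${2:-30}
    [ -r "$file" ] || return 1
    # Extract only the client certificate; private keys are never written out.
    pem=$(openssl pkcs12 -in "$file" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null 2>&1 || return 2
    return 0
}

# check_port HOST [PORT]
# Returns 0 if a TCP connection to the FMC management interface succeeds.
# The default port is the one given in step 4.
check_port() {
    nc -z -w 5 "$1" "${2:-8302}" >/dev/null 2>&1
}

# Usage (placeholder file and host names):
#   P12_PASS='...' sh estreamer_preflight.sh client.pkcs12 fmc.example.internal
if [ "$#" -ge 2 ]; then
    check_bundle "$1" || { echo "certificate check failed (code $?)" >&2; exit 1; }
    check_port "$2" || { echo "cannot reach $2 on TCP 8302" >&2; exit 1; }
    echo "certificate and connectivity checks passed"
fi
```

Run it from a host on the same network segment as the collector, since a successful connection from elsewhere says nothing about the collector's own path to the FMC.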

 
