
Cisco IOS and NX-OS Integration Guide


Cisco IOS and NX-OS devices (routers, switches, etc.) must be configured to send logs via syslog to the Taegis™ XDR Collector. IOS and NX-OS logs are filtered and correlated in real time to produce various security event observations.

Connectivity Requirements

Source                    Destination                Port/Protocol
IOS or NX-OS (mgmt IP)    XDR Collector (mgmt IP)    UDP/514

Data Provided from Integrations

                                        Auth   DNS   HTTP   Management   Netflow   NIDS   Process   Thirdparty
Cisco IOS based Switches and Routers    D      -     -      Y            -         -      -         -

Y = Normalized | D = Out-of-the-Box Detections | V = Vendor-Specific Detections

Note

XDR detectors are not guaranteed to be triggered, even if a data source's logs are normalized to a schema associated with a given detector. However, you can create Custom Alert Rules to generate alerts based on normalized data from a data source.

Logging Instructions for Cisco IOS

The following commands enable IOS logging. Note that depending on your IOS version, some commands may not be supported. If this is the case, please notify your Provisioning Engineer.

ciscoios (config)# login on-failure log
ciscoios (config)# login on-success log
ciscoios (config)# logging trap debugging
ciscoios (config)# logging source-interface <interface closest to XDR Collector>
ciscoios (config)# logging host <syslog_IP>
ciscoios (config)# ip nat log translations syslog
ciscoios (config)# copy running-config startup-config

Logging Instructions for Cisco NX-OS

The following commands enable NX-OS logging. Note that depending on your NX-OS version, some commands may not be supported. If this is the case, please notify your Provisioning Engineer.

switch# configure terminal

Enable informational module log messages at the default facility of local7:

switch(config)# logging module 6

Configure informational logging to the specified XDR Collector at the default facility of local7. Use the XDR Collector's IP address for <syslog_IP>; add use-vrf if the Collector is reachable only through a specific VRF:

switch(config)# logging server <syslog_IP> 6 [use-vrf <vrf-name>]
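To check what the IOS and NX-OS configurations above actually deliver to the Collector on UDP/514, the following Python script decodes syslog lines the way a receiver would: it splits the PRI header into facility and severity (PRI = facility * 8 + severity, so local7 is 184 + severity), applies the two trap levels set above (IOS "logging trap debugging" = 7, NX-OS "logging server ... 6" = 6), parses Cisco's %COMPONENT-SEVERITY-MNEMONIC message format, and counts LOGIN_FAILED events per source address as a simple correlation. This is an added example, not Taegis or Cisco code; the sample lines are constructed (host names, users and addresses are made up, and the severity-7 line uses a placeholder mnemonic), and the SEC_LOGIN and SYS-5-CONFIG_I field layout is assumed to match the common IOS format, which varies by version.

```python
"""Decode Cisco IOS / NX-OS syslog lines as an XDR Collector listening on UDP/514 would see them."""
import re
from collections import Counter

# Syslog PRI = facility * 8 + severity (RFC 5424). local7 = 23, the default facility above.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors", "warnings",
                  "notifications", "informational", "debugging"]  # Cisco's names for 0..7
# 'logging trap debugging' forwards severity 0-7; 'logging server <ip> 6' forwards 0-6.
TRAP_LEVELS = {"ios": 7, "nxos": 6}

# Constructed sample lines (not real device output): values are invented, the last line
# uses a placeholder mnemonic purely to exercise the severity-7 case.
SAMPLE_LINES = [
    "<189>45: *Jun  1 10:00:01.000 UTC: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] "
    "[Source: 192.0.2.10] [localport: 22] at 10:00:01 UTC Tue Jun 1 2021",
    "<188>46: *Jun  1 10:00:05.000 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] "
    "[Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:00:05 UTC Tue Jun 1 2021",
    "<188>47: *Jun  1 10:00:09.000 UTC: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] "
    "[Source: 198.51.100.7] [localport: 22] [Reason: Login Authentication Failed] at 10:00:09 UTC Tue Jun 1 2021",
    "<189>48: *Jun  1 10:01:00.000 UTC: %SYS-5-CONFIG_I: Configured from console by netops on vty0 (192.0.2.10)",
    "<191>49: *Jun  1 10:01:30.000 UTC: %EXAMPLE-7-PLACEHOLDER_DEBUG: constructed debug-level message",
]

_PRI_RE = re.compile(r"^<(?P<pri>\d{1,3})>")
_CISCO_MSG_RE = re.compile(r"%(?P<component>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")
_FIELD_RE = re.compile(r"\[(?P<key>[A-Za-z]+):\s*(?P<val>[^\]]*)\]")


def parse_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if the header is missing."""
    m = _PRI_RE.match(line)
    if not m:
        return None
    return divmod(int(m.group("pri")), 8)  # (facility, severity)


def facility_name(facility):
    """Map numeric facilities 16..23 to local0..local7; others are reported by number."""
    return f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"


def parse_cisco_line(line):
    """Parse one line into a dict, or return None when it is not a Cisco-style syslog message."""
    pri = parse_pri(line)
    m = _CISCO_MSG_RE.search(line)
    if pri is None or m is None:
        return None
    facility, severity = pri
    event = {
        "facility": facility_name(facility),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "component": m.group("component"),
        "mnemonic": m.group("mnemonic"),
        # The PRI severity and the severity digit inside the mnemonic should agree;
        # a mismatch usually means a relay or wrapper rewrote the header.
        "severity_mismatch": int(m.group("sev")) != severity,
    }
    # "[key: value]" fields carry the user and source address in SEC_LOGIN messages.
    for f in _FIELD_RE.finditer(m.group("text")):
        event[f.group("key").lower()] = f.group("val").strip()
    return event


def forwarded(event, platform):
    """True if a device configured with the trap level above would send this severity."""
    return event["severity"] <= TRAP_LEVELS[platform]


def failed_logins_by_source(lines):
    """Count LOGIN_FAILED messages per source address (the kind of correlation the Collector does)."""
    counts = Counter()
    for line in lines:
        ev = parse_cisco_line(line)
        if ev and ev["mnemonic"] == "LOGIN_FAILED" and "source" in ev:
            counts[ev["source"]] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        ev = parse_cisco_line(line)
        print(f"{ev['facility']:7} sev={ev['severity']} ({ev['severity_name']:13}) "
              f"{ev['component']}-{ev['mnemonic']:22} ios={forwarded(ev, 'ios')} nxos={forwarded(ev, 'nxos')}")
    print("failed logins by source:", dict(failed_logins_by_source(SAMPLE_LINES)))
```

Running it shows every sample line arriving on local7, the debug-level line passing the IOS trap level but not the NX-OS level 6 filter, and two failed logins attributed to 198.51.100.7. If real device lines decode to a facility other than local7, the Collector's parsing will still work but the facility will not match what this guide assumes, which is worth checking before the Provisioning Engineer validates the feed.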
