When Blumira’s Dynamic Blocklist is configured with a Cisco FTD firewall, Blumira can block known threats automatically, add new block rules as threats are detected, and block threats first detected across Blumira’s community of customers. All of this happens through automation, with no human interaction required.
Collecting logs from a Cisco Firepower Threat Defense (FTD) appliance is slightly different from collecting them from an ASA with FirePOWER Services. This document covers the initial setup steps for collecting logs from an FTD appliance managed by Firepower Management Center (FMC). Over time, Blumira may recommend changes to this configuration based on the log output it receives.
Cisco’s vendor documentation covers these settings in more detail.
Note: In this setup the syslog server is the Blumira sensor. If the sensor sits on the network attached to the device’s physical Management interface, type the name of that interface into the Interface Name field below the Selected Security Zones list and click Add. That name (if not already configured) and an IP address must also be configured on the Diagnostic interface: edit the device from the Device Management page and select the Interfaces tab.
You can now click Deploy to push the policy to the assigned devices; the changes are not active until deployment completes. Once deployed, the Blumira sensor will start receiving syslog messages from the Cisco Firepower appliance.
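A practical check after deployment is to confirm that what arrives at the sensor is actually FTD syslog and not noise from other hosts on the same network. The script below is an added example, not Blumira’s or Cisco’s code: it parses captured syslog lines using Cisco’s `%FTD-<severity>-<message ID>:` header, splits the `Key: Value` body that unified FTD connection events (message IDs 4300xx) carry, and reports how many lines were FTD events, which message IDs appeared, and how many connections were blocked by an access control rule. The three sample lines are constructed for this example; the hostnames, UUID, addresses and rule name are illustrative, not taken from any real deployment.

```python
"""Sanity-check syslog lines captured from a Cisco FTD device.

Added example, not Blumira's or Cisco's code. The header shape
%FTD-<severity>-<message ID>: is Cisco's; the sample lines below are
constructed and their hostnames, UUID, addresses and rule name are made up.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass, field

# Optional RFC 3164 priority, then anything (timestamp/host), then the FTD header.
FTD_HEADER = re.compile(
    r"^(?:<\d{1,3}>)?.*?%FTD-(?P<sev>[0-7])-(?P<msgid>\d{6}):\s*(?P<body>.*)$"
)
# "Key: Value, Key: Value" pairs used by unified FTD events (430001-430005 etc.).
KV_PAIR = re.compile(r"(\w+): (.*?)(?=, \w+: |$)")

# Constructed sample input: one legacy ASA-style message, one unified
# connection event with a Block action, and one unrelated Linux sshd line.
SAMPLE_LINES = [
    "<166>Mar 10 2024 14:02:11 ftd-edge : %FTD-6-302013: Built outbound TCP "
    "connection 884211 for outside:198.51.100.10/443 (198.51.100.10/443) "
    "to inside:10.0.0.5/51544 (10.0.0.5/51544)",
    "<161>Mar 10 2024 14:02:12 ftd-edge : %FTD-1-430003: "
    "DeviceUUID: 1b2c3d4e-0000-1111-2222-333344445555, "
    "AccessControlRuleAction: Block, AccessControlRuleName: block-known-threats, "
    "SrcIP: 10.0.0.7, DstIP: 203.0.113.44, SrcPort: 52100, DstPort: 80, "
    "Protocol: tcp, IngressInterface: inside, EgressInterface: outside",
    "<14>Mar 10 2024 14:02:13 some-linux-host sshd[2211]: Accepted publickey "
    "for ops from 10.0.0.9 port 40022 ssh2",
]


@dataclass
class FtdEvent:
    severity: int
    msgid: str
    body: str
    fields: dict = field(default_factory=dict)


def parse_ftd(line):
    """Return an FtdEvent for an FTD syslog line, or None if it is not one."""
    m = FTD_HEADER.match(line.rstrip("\r\n"))
    if not m:
        return None
    body = m.group("body")
    fields = {}
    # Unified events (message IDs starting 4300) carry Key: Value pairs;
    # legacy ASA-style messages such as 302013 are free text, so fields stay empty.
    if m.group("msgid").startswith("4300"):
        fields = dict(KV_PAIR.findall(body))
    return FtdEvent(int(m.group("sev")), m.group("msgid"), body, fields)


def summarize(lines):
    """Count FTD vs. non-FTD lines, message IDs seen, and blocked connections."""
    events = [e for e in (parse_ftd(l) for l in lines) if e is not None]
    by_msgid = Counter(e.msgid for e in events)
    blocked = sum(1 for e in events
                  if e.fields.get("AccessControlRuleAction") == "Block")
    return {
        "ftd_events": len(events),
        "non_ftd": len(lines) - len(events),
        "by_msgid": by_msgid,
        "blocked": blocked,
    }


def report(lines):
    s = summarize(lines)
    print(f"FTD events: {s['ftd_events']}, non-FTD lines: {s['non_ftd']}")
    for msgid, n in sorted(s["by_msgid"].items()):
        print(f"  %FTD-x-{msgid}: {n}")
    print(f"connections blocked by access control rules: {s['blocked']}")
    if s["ftd_events"] == 0:
        print("no FTD syslog seen: check the Deploy status and the "
              "syslog server interface setting in Platform Settings")


if __name__ == "__main__":
    # Pipe captured lines on stdin, or run with no input to use the samples.
    data = sys.stdin.read().splitlines() if not sys.stdin.isatty() else []
    report(data or SAMPLE_LINES)
```

Feed it lines captured on the sensor host (for example, the payloads from a packet capture written out one message per line); a zero count of FTD events right after deployment points at the interface selection described in the note above rather than at the sensor.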