Blumira’s modern cloud SIEM platform integrates with Cisco FTD Firewall to detect cybersecurity threats and provide an automated response to remediate when a threat is detected.
When configured, the Blumira integration with Cisco FTD Firewall will stream security event logs to the Blumira service for threat detection and automated threat response.
When Blumira’s Dynamic Blocklist capabilities are configured with the Cisco FTD Firewall, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected, and provide blocking based on threats newly detected across Blumira’s community of customers. All of this happens through automation, without requiring any human interaction.
Collecting logs from a Cisco Firepower Threat Defense (FTD) appliance is slightly different from the mechanism used for ASA with Firepower. In this document, we’ll walk through the initial setup steps to collect logs from an FTD appliance managed by Firepower Management Center (FMC). Over time, Blumira may recommend modifications to this configuration depending on the log output observed.
Determine the Blumira sensor you will use as a syslog server to collect log data. On the Blumira sensor detail screen, under Host Details, copy the IP address of your Blumira sensor to use when configuring Firepower Threat Defense.
You can now click Deploy to push the policy to the assigned devices. The changes are not active until you deploy them. Once the deployment completes, the Blumira sensor will start receiving syslog messages from your Cisco Firepower appliance.