3679 Views | 10 Helpful | 5 Replies

SecureX and SIEM Architecture

DevLop
Level 1

Hey everyone!

I am working on coming up with a Managed Security offering for the company I work for. Cisco SecureX and the Cisco Security suite offer amazing visibility and one pane of glass to manage Security and Incident Response, but there are some logs that I don't think Cisco will ever collect (i.e. Windows Event Logs or application logs). I assumed I would use Splunk, LogRhythm, or another SIEM to collect and search these logs. The problem I run into is now I have two "centralized logs".

Is there a way to get the information from SecureX to a SIEM, or from a SIEM to SecureX? Can a SIEM be a data source for SecureX or the other way around? Am I just doing this wrong?

Thank you in advance for any advice!

DevLop

Accepted Solution

Hi DevLop,
I haven't worked with the Splunk module, but I'm going to assume that it works the same as the others, and essentially just displays some pretty graphs and charts in the GUI based on "alerts" that Splunk has generated.
In regards to the SecureX->Splunk element, that is going to be for CTR, Cisco Threat Response, in which you can input an IP or domain etc., and then it will search for instances of that within your Splunk environment.

I suppose the main question is what your requirements for logging are. If you have no actual requirements to be able to do searches on log data, or data retention, then you could just use SecureX. If you have more traditional SIEM-style requirements, then SecureX isn't going to cut it.
There is a SecureX Partner Support WebEx Teams space that you can join by requesting access through this form - https://cs.co/9001Guw6S 
I am also from an MSP/Cisco Partner, but this is a good partner space for discussing options for your style of issue.


5 Replies