cdFMC - How do I view intrusion and security intelligence events?

Chess Norris
Level 4

Hello,

I am struggling to find how to view intrusion and security intelligence related events on cdFMC. It seems I can only view connection events. 

cdFMC.jpg

Here is another screenshot from an on-prem FMC, where you can select all sorts of events, including intrusion and security-related events.

FMC.jpg

Does anyone know how I view intrusion and security intelligence events in cdFMC, or is that not possible?

Thanks

/Chess

5 Replies

Hi,

I cannot find the Unified Events page in the cdFMC. However, I read this in the link you sent:

"The Unified Events page uses the Cisco Security Analytics and Logging data store as its event data source. You must have a valid Cisco Security Analytics and Logging subscription plan to view firewall events on the Unified Events page."

So I guess this means that a separate license is needed to view security and intrusion events?

/Chess

When you purchase CDO/cdFMC (which is now presented in the Security Cloud Control UI framework), you have the option of device management only or device management with logging. You can also add logging later as an a la carte option. See Table 1 here:

https://www.cisco.com/c/en/us/products/collateral/security/security-cloud-control/security-cloud-control-firewall-management-og.html

Once you have the logging licensed, Cisco will store unified events for 90 days per licensed firewall.

When you have that, the Unified Events in cdFMC will indeed display SI and other such events:

MarvinRhoads_0-1765294879642.png

 

Thanks for the clarification, Marvin.

Chess Norris
Level 4

I found out there's a way to check for security intelligence events. If I go to events and filter for FTD events=Security Intelligence, they will show up as normal connection events, but when I check the destination IP with VirusTotal, it is classified as malware or malicious.

Screenshot 2025-12-10 085934.jpg
virustotal.jpg