Solved: Re: Encryption Visibility Engine - where are the logs?

ryan14 · ‎06-16-2022

Where do I go to enable columns related to the Encryption Visibility Engine? In version 7.2 the documentation states to view information related to EVE, you must enable the columns but I cannot find where to do that. Anyone know where to enable this?

Marvin Rhoads · ‎06-16-2022

Go into the Table View of connection events and then click the X on any column. That will bring up the dialog box to enable or disable columns where you will see the EVE-specific columns.

FMC EVE Event Columns

View solution in original post

Marvin Rhoads · ‎06-16-2022

Go into the Table View of connection events and then click the X on any column. That will bring up the dialog box to enable or disable columns where you will see the EVE-specific columns.

FMC EVE Event Columns

ryan14 · ‎06-16-2022

Thanks, is there any way to keep them permanently selected or do you have select the columns every time?

Marvin Rhoads · ‎06-16-2022

Unfortunately they have to be selected every time in the GUI.

You can build a report with just the columns you want and then run it to get a static display of the interesting events.

Temur Kalandia · ‎07-02-2024

hello,

is it possibel to enable Encrypted Visibility Engine from cisco FDM ? i have only one FTD2110 without FMC

Marvin Rhoads · ‎07-02-2024

@Temur Kalandia no it is not currently possible (as of version 7.4). EVE Currently requires FMC (either on-premises or cloud-delivered).

Temur Kalandia · ‎07-02-2024

hi,

how can i see whats inside QUIC traffic ? it means that without FMC there is no chance to have such visibility ?

Marvin Rhoads · ‎07-02-2024

EVE does not replace SSL decryption. Instead it gives some ability to inspect an SSL/TLS-protected flow by discerning what it can from things like the SSL handshake. That's very different from decrypting and inspecting the encrypted payload. Even with SSL decryption you need to force fall back to http/2 to disable QUIC (or block udp/443).