Re: FMC intergration with LogPoint

Michael Bartholomæussen · ‎03-27-2020

Hi All,

I'm in the middle of integrating log sources into LogPoint, where FMC is one of them.

Logpoint has FMC on their list of integrations, but I'm not able to finde any documentation?

I'm a bit reluctant to setup syslog in every policy and so forth. The process is tidies and error prone.

From my previous work with QRadar, we used estreamer in FMC, but I can't seem to find any proof the Logpoint supports it.

I'd expect Logpoint to support estreamer, since FMC is on their list of integrated devices.

Cheers,

Michael

Chess Norris · ‎12-07-2022

I am curious about this too. Is it possible to use logpoint as a eStreamer client in FMC now?

/Chess

Milos_Jovanovic · ‎12-07-2022

Hi @Chess Norris,

I don't know what is the difference between LogPoint and other SIEM solutions, but I would assume with great certainty that you can integrate it same like for any other SIEM solution - via syslog messages. I don't know if it supports any additional/improved integration, but usually, all SIEM vendors support syslog integration.

Here is one, and here is another example on how this can be done, depending on what exactly you want to integrate. You can integrate FMC itself (to send audit logs, or security events), but you can also integrate FTD devices too (to send info such as connection events and other syslog messages).

Kind regards,

Milos

Chess Norris · ‎12-07-2022

Hello Milos,

I was thinking about the eStreamer integration option in FMC

I know that it's working with QRadar and Splunk, but not sure if I can add Logpoint as an eStreamer client in FMC.

I was looking through the Cisco technical alliance partners, but Logpoint is not listed there.

Cisco Secure Technical Alliance Partners

Thanks

/Chess

Milos_Jovanovic · ‎12-08-2022

I've never tried it, but it would be great if you test it, and give a feedback to the community.

Thanks

Kind regards,

Milos