Integrating FTD & McAfee SIEM ( ESM )

aniketamdekar
Level 1

Hi All,

I am trying to add the Cisco FTD as a log source in McAfee Enterprise Security Manager SIEM.

However, I can only see the logs from the FMC.

Does Cisco FTD support integration with McAfee SIEM?

Regards,

Aniket Amdekar

4 Replies

Hi,

Use the syslog settings configured in the FTD Platform Settings policy for the FTD. Then configure the rules in the ACP that you wish to send to the syslog server.

HTH

Ruben Cocheno
Spotlight

@aniketamdekar

The only way to do it is enforcing the logs out, so go to the FTD Platform Settings policy for the FTD and configure the rules in the ACP that you want to send out.

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/

aniketamdekar
Level 1

Thanks a ton for your responses @Ruben Cocheno @Rob Ingram

What I heard from a Cisco support guy on a call is that FTD devices are not supported as a log source in SIEM.

Only FMC is supported. We have implemented the settings that you mentioned in your responses.

In our SIEM, we only see the logs for a user making some config changes; I guess it's coming from FMC only.

We tried integrating the FTD devices themselves as a log source, but it didn't work.

Ruben Cocheno
Spotlight

@aniketamdekar

FMC will have all logs stored there, so the only way is to forward all info from there to your SIEM, and make the magic there.
