09-10-2020 11:03 AM
Hi All,
I am trying to add the Cisco FTD as a log source in McAfee Enterprise Security Manager SIEM.
However, I can only see the logs from the FMC.
Does Cisco FTD support integration with McAfee SIEM?
Regards,
Aniket Amdekar
09-10-2020 11:17 AM
Hi,
Use the syslog settings configured in the FTD Platform Settings policy for the FTD. Then configure the rules in the ACP that you wish to send to the syslog server.
HTH
09-10-2020 01:25 PM
The only way to do it is enforcing the logs out, so go to FTD Platform Settings policy for the FTD and configure the rules in the ACP that you want to send out.
09-11-2020 09:14 AM - edited 09-11-2020 09:14 AM
Thanks a ton for your responses @Ruben Cocheno @Rob Ingram
What I heard from a Cisco support guy on a call is that FTD devices are not supported as a log source in SIEM.
Only FMC is supported. We have implemented the settings that you mentioned in your responses.
In our SIEM, we only see the logs for a user making some config changes; I guess it's coming from FMC only.
We tried integrating the FTD devices themselves as a log source, but it didn't work.
09-11-2020 09:50 AM
FMC will have all logs stored there, so the only way is to forward all info from there to your SIEM, and make the magic there.