11-02-2015 10:05 AM - edited 03-12-2019 05:48 AM
Hello Community,
We have just completed a client's full upgrade from old ASAs to new 5555-X with full features of FireSIGHT and FirePOWER on ASA. While everything is working as designed, we have one issue.
This client wanted a single unit to do his URL/AMP and IPS and SourceFire can do this, but the reporting is horrible.
They had used Ironport WSA report and loved it, and SourceFire is nowhere close to this clean interface.
My question: has anyone produced templates or come close to unified reporting between Ironport WSA and the SourceFire URL features?
Or know of any Cisco or 3rd party tool that can migrate the reports?
Thank You
Sylwia
11-30-2015 01:13 PM
I am in the same boat. We moved from Websense for URL filtering, and though the reporting there was not great, it is better than this one.
Have you been able to make any progress on this?
12-07-2015 03:45 PM
I also could use some help. We are wanting to have a weekly report that would include the following:
1) level 1 IOC's
2) Malware seen on network
3) Security intelligence events.
thanks
-mikgruff
03-03-2016 01:08 PM
Same situation here. I need to be able to run reports on 12-18 months' worth of data.
03-25-2017 11:37 AM
We finally got everything patched on the FireSight side and I now have the reports and retention that I need in Splunk using the eStreamer plugin from Splunkbase. It took my senior engineer with no Splunk experience about 1 workday to create a report showing website traffic associated to Active Directory users.
If you go that route Splunk is cake to set up. eStreamer requires Linux but if you can follow directions you don't need any real experience with the OS.
We are paying about 8k a year for 10GB of daily logs, we average about 6.
03-25-2017 07:42 PM
Thanks for the update.
Good to know it can be done but too bad it's not 'out of the box' with FirePOWER Management Center. This request is a common one that customers have.
Can you share how many connection events your 6 GB of daily logs equates to on the FMC side? Are you running FMC as a VM?
03-26-2017 07:07 AM
3773568 rows of connection events equated to 3.748GB of logs.
We run FMC as a VM. I had the highest end FMC physical appliance quoted out and it did not hit my retention goals.
It would be nice if it were an option from Cisco. Even if event archival and reporting came at a premium we would have paid for it.
03-26-2017 07:57 PM
I am hoping there will be in 6.3, it will be a big plus for us also.
03-26-2017 09:07 PM
[@nrunge1@cvtc.edu] ,
Thanks for that info. It's a great data point.
I am hearing similar desires from my customers and will continue to press the issue with Cisco.
04-24-2017 11:10 AM
I spent time getting a JDBC connection established with Firepower. I am using Crystal Reports, and the data that I query comes into Crystal Reports looking horrible, to say the least. I don't understand why the Cisco docs would point me in the direction of Crystal Reports when, from my initial experience, I am finding it to be quite worthless and garbage.
04-07-2017 07:37 PM
Is there any guide that you followed, or any particular setup instructions you have? Or maybe can you export any reports that others can utilize?
Sorry, Splunk noob here, so I don't really know anything about how to use it at this point.
12-01-2015 06:30 AM
Hi Sylwia,
What kind of reports are you looking for when we talk about the Sourcefire?
Pujita
12-01-2015 07:00 AM
Personally, the two I would like to do more than anything, are:
1) time spent on various websites, per user
2) top x users spending time online, and how much time was spent by them
I am not sure if this is even possible, as it seems to be connection based for FirePOWER in the reports I have seen, but what we used in the past (Websense) was essentially: when a connection was made, it determined that the user was there for up to 3 minutes, unless another connection was made, or something along those lines.
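The heuristic described in the post above, sketched as an added example (not part of the original thread, and not Websense or Cisco code): each connection credits its site with the time until the same user's next connection, capped at 3 minutes. The (time, user, site) row layout, the function names, the sample rows and the exact crediting rule are assumptions.

```python
from collections import defaultdict
from datetime import datetime

DWELL_CAP = 180  # seconds: the "up to 3 minutes" credit per connection

# Constructed sample rows (not real FMC output): start time, user, site
SAMPLE_EVENTS = [
    ("2017-03-25 09:00:00", "alice", "facebook.com"),
    ("2017-03-25 09:01:00", "alice", "facebook.com"),
    ("2017-03-25 09:02:30", "alice", "twitter.com"),
    ("2017-03-25 09:30:00", "alice", "facebook.com"),
    ("2017-03-25 09:00:10", "bob", "twitter.com"),
]


def estimate_dwell(events, cap=DWELL_CAP):
    """Return {user: {site: seconds}} estimated from connection start times."""
    per_user = defaultdict(list)
    for ts, user, site in events:
        started = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        per_user[user].append((started, site))

    result = {}
    for user, rows in per_user.items():
        rows.sort(key=lambda r: r[0])  # order each user's connections by time
        totals = defaultdict(float)
        for i, (started, site) in enumerate(rows):
            if i + 1 < len(rows):
                # Credit time until the user's next connection, up to the cap.
                gap = (rows[i + 1][0] - started).total_seconds()
                totals[site] += min(gap, cap)
            else:
                # Nothing follows the last connection, so credit the full cap.
                totals[site] += cap
        result[user] = dict(totals)
    return result


def top_users(dwell, n=10):
    """Return the n users with the most estimated time online, highest first."""
    totals = {user: sum(sites.values()) for user, sites in dwell.items()}
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    dwell = estimate_dwell(SAMPLE_EVENTS)
    for user, seconds in top_users(dwell):
        print(user, seconds, dwell[user])
```

The result is an estimate derived from connection start times only; idle tabs and background requests will inflate it, and long reading sessions without new connections will be undercounted.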
09-20-2016 01:12 PM
These are the same reports we need as well. It's really a shame they don't exist. There is no field which records browsing time.
08-30-2017 12:42 PM
I have these requirements as well. My supervisor would like to see a user report that details how long an end user spent on something like Facebook or Twitter, etc. during their workday.