benolyndav
Level 4

Hi

Does anyone know if there is an easier way than the below?

Q. I check connection events for IOCs when requested, and sometimes I have to check many URLs, which I am presently doing one URL at a time and is very time consuming. Is there a way to check multiple URLs in connection events? This would save so much time for me.

Thanks

Comments

I'm having the same question and I'm looking for any open-source SIEM or external logging for the FMC, since logs get rotated too fast. Looking into ELK stack but having issues setting it up.

Marvin Rhoads
Hall of Fame

You can check IOCs in groups using Cisco Threat Response if you've integrated your Firepower Management Center with CTR.

(By the way this should have been posted as a discussion, not a document.)

benolyndav
Level 4

Hi Marvin

Thanks for the response. How do I check if we have our FMC integrated with CTR?

Apologies, I didn't realise about this being posted incorrectly.

Thanks

ctrctr

I think enabling Cisco Cloud, but you need to register an account. I'm still a newbie with CTR.

https://visibility.amp.cisco.com/ link to CTR and remember to add Firepower module.

Marvin Rhoads
Hall of Fame

Yes, generally you should have 6.4 or later, preferably 6.5 or later.

See the following guide:

https://www.cisco.com/c/en/us/td/docs/security/firepower/integrations/CTR/Firepower_and_Cisco_Threat_Response_Integration_Guide/about_integrating_firepower_and_cisco_threat_response.html

The integration is free and very powerful - especially for this use case - searching through a list of IOCs to see if your security product(s) have encountered any of them.

Google some of the great YouTube demos the Cisco product team has posted for CTR.

benolyndav
Level 4

Thanks

Very helpful