on 06-01-2020 03:47 AM
Does anyone know if there is an easier way than the below?
Q. I check connection events for IOCs when requested, and sometimes I have to check many URLs, which I am presently doing one URL at a time and which is very time consuming. Is there a way to check multiple URLs in connection events? This would save so much time for me.
Thanks
I'm having the same question and I'm looking for any open-source SIEM or external logging for the FMC, since logs get rotated too fast. Looking into the ELK stack but having issues setting it up.
You can check IOCs in groups using Cisco Threat Response if you've integrated your Firepower Management Center with CTR.
(By the way this should have been posted as a discussion, not a document.)
Hi Marvin
Thanks for the response. How do I check if we have our FMC integrated with CTR?
Apologies, I didn't realise about this being posted incorrectly.
Thanks
ctr
I think enabling Cisco Cloud, but you need to register an account. I'm still a newbie with CTR.
https://visibility.amp.cisco.com/ is the link to CTR, and remember to add the Firepower module.
Yes, generally you should have 6.4 or later, preferably 6.5 or later.
See the following guide:
The integration is free and very powerful - especially for this use case - searching through a list of IOCs to see if your security product(s) have encountered any of them.
Google some of the great YouTube demos the Cisco product team has posted for CTR.
Thanks
Very helpful