firewall.cisco.ftd
- Juan Tomás Alonso Nieto (Deactivated)
May 08, 2023
1 min read
Loading data...
[ 1 Introduction ] [ 2 Valid tags and data tables ] [ 3 How is the data sent to Devo? ]
Introduction
The tags beginning with firewall.cisco.ftd identify events generated by Cisco Firepower Threat Defense.
Valid tags and data tables
The full tag must have 3 levels. The first two are fixed as firewall.cisco. The third level identifies the type of events sent.Â
Technology | Brand | Type |
|---|---|---|
Firewall | cisco | ftd |
These are the valid tags and corresponding data tables that will receive the parsers' data:
Tag | Data table |
|---|---|
firewall.cisco.ftd | firewall.cisco.ftd |
How is the data sent to Devo?
Logs generated by Cisco Firepower Thread Defense Firewall must be sent to the Devo platform via the Devo Relay to secure communication. See the required relay rules below:
Relay rule 1Â
Source Port → any free port available
Source Data → %FTD-
Target Tag → firewall.cisco.ftd
Select the Stop Processing and Sent without syslog tag checkboxes
