Cisco eStreamer collector
Service description
The Cisco Event Streamer (also known as Cisco eStreamer) allows you to stream Firepower System events to external client applications. You can stream host, discovery, correlation, compliance allow list, intrusion, user activity, file, malware, and connection data from a Management Center and you can stream intrusion data from 7000 and 8000 series devices.
Data source description
Currently, the Cisco eStreamer collector generates host, discovery, correlation, compliance allow list, intrusion, user activity, file, malware, and connection events. The collector processes the eStreamer responses and sends them to the Devo platform, which categorizes all the information received into the following tables:
Group name | Details | Data tables
---|---|---
Metadata | Context information for codes and numeric identifiers in the event records |
Packet | Packets associated with intrusion events |
Intrusion | Intrusion events generated by managed devices |
File malware | Malware events |
Correlation | Correlation and allow list events |
Connection | Connection events |
RNA | Realtime Network Awareness events |
RUA | Realtime User Awareness events |
Event | Additional data for intrusion events |
For more information about Cisco eStreamer, see the Firepower System Event Streamer Integration Guide.
Setup
The Cisco eStreamer data collector works against Cisco FMC (Firepower Management Center) appliances. To start receiving data over the eStreamer protocol, you need to set up the eStreamer service in the FMC.
Setting up eStreamer
Access the FMC web console.
Go to System → Integration → eStreamer.
Check the events that you want to receive and save the changes.
Create a new client and save the certificate (and password/passphrase if configured) to be used later in the collector.
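Before handing the exported client certificate to the collector, it is worth confirming that the bundle actually opens with the passphrase you recorded and that the certificate is still within its validity period; an expired or wrongly-protected client certificate is the usual reason an eStreamer client never connects. The script below is an added example and not part of the Devo collector or Cisco's tooling: it builds a throwaway self-signed PKCS#12 bundle (constructed sample data standing in for the file FMC exports, with a placeholder passphrase) and then runs the two checks with the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not Devo or Cisco code): sanity-check an eStreamer client
# certificate bundle before configuring the collector with it.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_sample_bundle PASSPHRASE -> path of a constructed PKCS#12 bundle.
# Stands in for the file exported from the FMC eStreamer client page.
make_sample_bundle() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=estreamer-client-sample" \
    -keyout "$WORK/client.key" -out "$WORK/client.crt" >/dev/null 2>&1
  openssl pkcs12 -export -in "$WORK/client.crt" -inkey "$WORK/client.key" \
    -out "$WORK/client.pkcs12" -passout pass:"$1"
  printf '%s\n' "$WORK/client.pkcs12"
}

# check_bundle BUNDLE PASSPHRASE
#   prints the certificate's notAfter line and returns 0 when the passphrase
#   opens the bundle and the client certificate has not expired;
#   returns 1 on a wrong passphrase / unreadable bundle, 2 on an expired cert.
check_bundle() {
  bundle=$1
  pass=$2
  # 1. Does the passphrase open the bundle? -nokeys keeps the private key
  #    out of the output; we only need the client certificate.
  cert=$(openssl pkcs12 -in "$bundle" -passin pass:"$pass" \
           -nokeys -clcerts 2>/dev/null) || return 1
  # 2. Is the certificate valid right now? -checkend 0 fails if it has expired.
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || return 2
  printf '%s\n' "$cert" | openssl x509 -noout -enddate
}

# Stand-alone demonstration with the constructed bundle and placeholder passphrase.
SAMPLE=$(make_sample_bundle 'placeholder-passphrase')
check_bundle "$SAMPLE" 'placeholder-passphrase'
if check_bundle "$SAMPLE" 'wrong-passphrase' >/dev/null 2>&1; then
  echo "unexpected: wrong passphrase accepted" >&2
  exit 1
fi
echo "bundle checks passed"
```

To use it against a real export, skip `make_sample_bundle` and call `check_bundle` with the path of the bundle saved from FMC and the passphrase set when the client was created; a return code of 1 means the passphrase does not match, and 2 means the certificate has already expired and a new client must be created in FMC.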
Run the collector
Once the data source is configured, you can either send us the required information if you want us to host and manage the collector for you (Cloud collector), or deploy and host the collector on your own machine using a Docker image (On-premise collector).