Step 1 |
Decide the following:
-
Types of events you want to send to the cloud.
-
The method of sending events.
-
The regional cloud to use for sending the events.
|
See About Secure Firewall Management Center and SecureX.
|
Step 2
|
Meet the requirements.
|
See Requirements for Integration Using Syslog.
|
Step 3
|
Access SSE, the portal for SecureX that you use for managing devices and filtering events.
|
See Access Security Services Exchange.
|
Step 4 |
Install and configure a Cisco Security Services Proxy (CSSP) server.
|
Download the free installer and instructions from SSE:
In SSE, from the Tools icon near the top-right of the browser window, select Downloads.
|
Step 5
|
In SSE, enable features.
|
Click Cloud Services and enable the following options:
|
Step 6
|
Configure your devices to send syslog messages for supported events to the proxy server.
|
See the Event Analysis Using External Tools section in the Cisco Secure Firewall Management
Center Administration Guide.
|
Step 7
|
In your product, ensure that the messages identify the device that generated each event.
|
In your management center, under the Platform Settings Syslog Settings tab, Enable Syslog Device ID, and specify an identifier.
|
Step 8
|
Verify that your events appear as expected in SSE and troubleshoot if necessary.
|
See:
|
Step 9
|
In SSE, configure the system to automatically promote significant events.
|
Important
|
If you do not automate event promotion, you must manually review, and promote events to view them in SecureX.
|
See information in the online help in SSE about promoting events.
To access SSE, see Access Security Services Exchange.
|
Step 10
|
(Optional) In SSE, configure automatic deletion of certain non significant events.
|
For more information on filtering events, see SSE online help.
To access SSE, see Access Security Services Exchange.
|