Step 1 |
Decide the following:
- Types of events you want to send to the cloud.
- The method of sending events.
- The regional cloud to use for sending the events.
|
See About Secure Firewall Threat Defense and Cisco XDR Integration.
|
Step 2
|
Meet the requirements for syslog integration.
|
See Requirements for Integration Using Syslog.
|
Step 3
|
Access Security Services Exchange, the cloud portal that you will use for managing devices and filtering events for Cisco XDR integration.
|
See Access Security Services Exchange.
|
Step 4 |
Install and configure a Cisco Security Services Proxy server.
|
Download the free installer and instructions from Security Services Exchange:
In Security Services Exchange, from the Tools icon near the top-right of the browser window, select Downloads.
|
Step 5
|
In Security Services Exchange, enable features.
|
Click Cloud Services and enable the following options:
|
Step 6
|
Configure your devices to send syslog messages for supported events to the proxy server.
|
|
Step 7
|
In your product, ensure that the messages identify the device that generated each event.
|
- In the device manager: Specify a hostname in Device > Hostname.
- In the management center: Under the Platform Settings Syslog Settings tab, Enable Syslog Device ID, and specify an identifier.
|
Step 8
|
In Security Services Exchange, configure the system to automatically promote significant events.
|
Important
|
If you do not automate event promotion, you must manually review and promote events to view them in Cisco XDR.
|
See information in the online help in Security Services Exchange about promoting events.
To access Security Services Exchange, see Access Security Services Exchange.
|
Step 9
|
(Optional) In Security Services Exchange, configure automatic deletion of certain non-significant events.
|
For more information on filtering events, see Security Services Exchange online help.
To access Security Services Exchange, see Access Security Services Exchange.
|
Step 10
|
Verify that your events appear as expected in Security Services Exchange and troubleshoot if necessary.
|
See:
|