Collect data from Cisco FTD (Firepower) firewall devices

Aksoy, Mehmet 20 Reputation points
2025-06-18T17:50:48.76+00:00

Hello,

I hope this message finds you well.

I am reaching out for assistance with ingesting data from a Cisco Firepower 2130 firewall into Microsoft Sentinel. I have already installed the Cisco "Firepower eStreamer" application, but I am unsure how to proceed with setting up the data connector.

From what I understand, the process involves creating a Linux machine, installing the Microsoft Monitoring Agent, and deploying the Firepower eNcore client. This setup appears quite involved, and I would like to know if there is a simpler or more streamlined method available to ingest data from a Cisco FTD firewall.

If no alternative exists, could you please provide a detailed, step-by-step guide to complete the setup? A video tutorial would also be greatly appreciated if available.

Additionally, does Microsoft offer any support in provisioning the Linux machine and configuring the Firepower eNcore client on a virtual machine?

Thank you in advance for your guidance and support.

Microsoft Security | Microsoft Sentinel

Accepted answer
  1. Catherine Kyalo 2,085 Reputation points Microsoft Employee
    2025-06-19T13:10:15.78+00:00

    Hi Aksoy, Mehmet

    Microsoft Sentinel offers two connectors for collecting logs from Cisco Firepower Threat Defense (FTD) firewalls, depending on whether the devices run the Adaptive Security Appliance (ASA) OS or the Firepower eXtensible Operating System (FXOS). This guide outlines when to use each connector and links to their setup instructions - Collect data from Cisco FTD firewall devices.

    If you find the answer above helpful, please "Accept the answer" to help anyone in the community who might have a similar question to quickly find the solution.


0 additional answers
