Open tipy486 opened 1 year ago
Pinging @elastic/security-external-integrations (Team:Security-External Integrations)
I'm also interested, any progress after a year?
@barovski we don't currently have access to sample data from a Firepower Management Center. If you're willing to provide a broad set of sample data you'd like to cover, we can assess the feasibility of supporting FMC.
@jamiehynds Sample data of an intrusion event is attached: Intrusion_Event.json.zip
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
Describe the enhancement:

Cisco firewalls are managed by the Cisco Firepower Management Center (FMC). Security events such as intrusion events and security intelligence events are logged from the FMC itself instead of from the FTD device, which is already supported in the Cisco Filebeat module. The logs from the FMC do not fit the current module, and the entire log ends up in `log.original`, which is not indexed or searchable.

Describe a specific use case for the enhancement or feature:

Being able to index, search, and use Elastic in a more comprehensive way in the SOC. Make visualizations and dashboards to better support the IRT team when investigating incidents.