Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
C H A P T E R
1-1
FireSIGHT eStreamer Integration Guide
1
Introduction
The Cisco Event Streamer (also known as eStreamer) allows you to stream FireSIGHT System intrusion,
discovery, and connection data from the Cisco Defense Center or managed device (also referred to as the
eStreamer server) to external client applications.
discovery, and connection data from the Cisco Defense Center or managed device (also referred to as the
eStreamer server) to external client applications.
Note that eStreamer is not supported on virtual devices. To stream events from a virtual device, you can
configure eStreamer on the Defense Center that the device reports to.
configure eStreamer on the Defense Center that the device reports to.
eStreamer uses a custom application layer protocol to communicate with connected client applications.
As the purpose of eStreamer is simply to return data that the client requests, the majority of this guide
describes the eStreamer formats for the requested data.
As the purpose of eStreamer is simply to return data that the client requests, the majority of this guide
describes the eStreamer formats for the requested data.
There are three major steps to creating and integrating an eStreamer client with a FireSIGHT System:
1.
Write a client application that exchanges messages with the Defense Center or managed device
using the eStreamer application protocol. The eStreamer SDK includes a reference client
application.
using the eStreamer application protocol. The eStreamer SDK includes a reference client
application.
2.
Configure a Defense Center or device to send the required type of events to your client application.
3.
Connect your client application to the Defense Center or device and begin exchanging data.
This guide provides the information you need to successfully create and run an eStreamer Version 5.3.1
client application.
client application.
Major Changes in eStreamer Version 5.3.1
If you are upgrading your FireSIGHT System deployment to Version 5.3.1, please note the following
changes, some of which may require you to update your eStreamer client:
changes, some of which may require you to update your eStreamer client:
•
Fixed errors in the following blocks:
–
Fixed
with correct information for the handling of IPv4
addresses.
–
Fixed
with correct information for the handling of
IPv4 addresses.
–
Fixed
with correct information for the
handling of IPv4 addresses.