Cisco Cisco Firepower Management Center 2000 Entwickleranleitung
6-3
FireSIGHT eStreamer Integration Guide
Chapter 6 Configuring eStreamer
Configuring eStreamer on the eStreamer Server
You can also select any or all of the following on a Defense Center:
•
Discovery Events
to transmit host discovery events
Note
If you want connection events, then you must enable discovery events.
•
Correlation Events
to transmit correlation and white list events.
•
Impact Flag Alerts
to transmit impact alerts generated by the Defense Center.
•
User Activity Events
to transmit user events.
•
Intrusion Event Extra Data
to transmit additional data for intrusion events, such as the URI associated
with the originating IP address of a client connecting to a web server through an HTTP proxy or load
balancer.
balancer.
Note
Note that this controls which events the eStreamer server can transmit. Your client
application must still specifically request the types of events you want it to receive. For
more information, see
application must still specifically request the types of events you want it to receive. For
more information, see
Step 4
Click
Save
.
Your settings are saved and the events you selected will be forwarded to eStreamer clients when
requested.
requested.
Adding Authentication for eStreamer Clients
License:
Any
Before eStreamer can send events to a client, you must add the client to the eStreamer server’s peers
database. You must also copy the authentication certificate generated by the eStreamer server to the
client.
database. You must also copy the authentication certificate generated by the eStreamer server to the
client.
To add an eStreamer client:
Access:
Admin
Step 1
Select
Local
>
Registration
>
eStreamer.
The
eStreamer page appears.
Step 2
Click
Create Client
.
The Create Client page appears.
Step 3
In the
Hostname
field, enter the host name or IP address of the host running the eStreamer client.
Note
If you use a host name, the host input server must be able to resolve the host to an IP address.
If you have not configured DNS resolution, you should configure it first or use an IP address.
If you have not configured DNS resolution, you should configure it first or use an IP address.
Step 4
To encrypt the certificate file, enter a password in the
Password
field.
Step 5
Click
Save
.