Cisco Cisco Firepower Management Center 4000 Developer's Guide
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
407
Configuring eStreamer
Configuring eStreamer on the eStreamer Server
Chapter 6
3. Select the check boxes next to the types of events you want eStreamer to
capture and forward to requesting clients. Note that if a check box is currently
unchecked, that data is not being captured. Unchecking a check box does not
delete data that has already been captured.
You can select any or all of the following on a Device or Defense Center:
You can select any or all of the following on a Device or Defense Center:
•
Intrusion Events to transmit intrusion events generated by managed
devices.
•
Intrusion Event Packet Data to transmit packets associated with intrusion
events.
•
Intrusion Event Extra Data to transmit additional data associated with
intrusion events, such as the URI associated with the originating IP
address of a client connecting to a web server through an HTTP proxy
or load balancer.
You can also select any or all of the following on a Defense Center:
•
Discovery Events to transmit host discovery events
TIP!
If you want connection events, then you must enable discovery events.
•
Correlation Events to transmit correlation and white list events.
•
Impact Flag Alerts to transmit impact alerts generated by the Defense
Center.
•
User Activity Events to transmit user events.
•
Intrusion Event Extra Data to transmit additional data for intrusion events,
such as the URI associated with the originating IP address of a client
connecting to a web server through an HTTP proxy or load balancer.
IMPORTANT!
Note that this controls which events the eStreamer server can
transmit. Your client application must still specifically request the types of
events you want it to receive. For more information, see
4. Click Save.
Your settings are saved and the events you selected will be forwarded to
eStreamer clients when requested.
Adding Authentication for eStreamer Clients
L
ICENSE
: Any
Before eStreamer can send events to a client, you must add the client to the
eStreamer server’s peers database. You must also copy the authentication
certificate generated by the eStreamer server to the client.