Cisco Cisco Firepower Management Center 2000 Guida Dello Sviluppatore
Version 5.3
Sourcefire 3D System eStreamer Integration Guide
405
Configuring eStreamer
Configuring eStreamer on the eStreamer Server
Chapter 6
Configuring eStreamer on the eStreamer Server
L
ICENSE
: Any
Before the Defense Center or Device you want to use as an eStreamer server can
begin streaming events to a client application, you must configure the eStreamer
server to send events to clients, provide information about the client, and
generate a set of authentication credentials to use when establishing
communication. You can perform all of these tasks from the Defense Center or
Device user interface.
See the following sections for more information:
See the following sections for more information:
•
•
•
Configuring eStreamer Event Types
L
ICENSE
: Any
You can control which types of events the eStreamer server is able to transmit to
client applications that request them.
Available event types on a Device or a Defense Center include:
Available event types on a Device or a Defense Center include:
•
Intrusion events
•
Intrusion event packet data
•
Intrusion event extra data
Available event types on a Defense Center include:
•
Discovery events (this also enables connection events)
•
Correlation and white list events
•
Impact flag alerts
•
User activity events
•
Malware events
•
File events
Note that the primary and secondary in a stacked 3D9900 pair report intrusion
events to the Defense Center as if they were separate managed devices. If you
configure communication with an eStreamer client on the primary in a 3D9900
stack, you also need to configure the client on the secondary; the client
configuration is not replicated. Similarly, when you delete the client, delete it in
both places. If you configure an eStreamer client for a Defense Center managing
3D9900s in a stack configuration, note that the Defense Center reports all events
received from both managed devices, even if the same event is reported by both.