Cisco Firepower Management Center 2000 Programmer's Guide

FireSIGHT eStreamer Integration Guide
 
Chapter 6 Configuring eStreamer
Configuring eStreamer on the eStreamer Server
Configuring eStreamer Event Types
License: Any
You can control which types of events the eStreamer server is able to transmit to client applications that request them.
Available event types on a managed device or a Defense Center include:
  • Intrusion events
  • Intrusion event packet data
  • Intrusion event extra data
Available event types on a Defense Center include:
  • Discovery events (this also enables connection events)
  • Correlation and white list events
  • Impact flag alerts
  • User activity events
  • Malware events
  • File events
Note that the primary and secondary in a stacked 3D9900 pair report intrusion events to the Defense Center as if they were separate managed devices. If you configure communication with an eStreamer client on the primary in a 3D9900 stack, you also must configure the client on the secondary; the client configuration is not replicated. Similarly, when you delete the client, delete it in both places. If you configure an eStreamer client for a Defense Center managing 3D9900s in a stack configuration, note that the Defense Center reports all events received from both managed devices, even if the same event is reported by both.
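One way a client application could suppress the duplicates described above when both stack members report the same event, as an added example (not Cisco's code and not part of the eStreamer API). The field names, device IDs and the two-second matching window are assumptions, and events are assumed to be already decoded into dictionaries.

```python
from collections import OrderedDict

# Fields assumed to identify "the same event" regardless of which stack
# member reported it. These key names are hypothetical, not eStreamer's own.
KEY_FIELDS = ("gid", "sid", "src_ip", "dst_ip", "src_port", "dst_port", "proto")

class StackDeduplicator:
    """Suppress an intrusion event already seen from the other stack member."""

    def __init__(self, stack_members, window_seconds=2, max_entries=10000):
        self.stack_members = set(stack_members)  # device IDs in one stack
        self.window = window_seconds
        self.max_entries = max_entries
        self.seen = OrderedDict()  # key -> (timestamp, device_id)

    def is_duplicate(self, event):
        device = event["device_id"]
        if device not in self.stack_members:
            return False  # only events from stack members are candidates
        key = tuple(event[f] for f in KEY_FIELDS)
        prior = self.seen.get(key)
        if (prior is not None and prior[1] != device
                and abs(event["ts"] - prior[0]) <= self.window):
            return True  # same event, reported by the other member
        self.seen[key] = (event["ts"], device)
        self.seen.move_to_end(key)
        while len(self.seen) > self.max_entries:
            self.seen.popitem(last=False)  # bound memory: evict oldest key
        return False

def dedupe(events, stack_members, window_seconds=2):
    d = StackDeduplicator(stack_members, window_seconds)
    return [e for e in events if not d.is_duplicate(e)]

# Constructed sample events (not real eStreamer output).
def make_event(device_id, ts, sid):
    return {"device_id": device_id, "ts": ts, "gid": 1, "sid": sid,
            "src_ip": "10.0.0.5", "dst_ip": "192.0.2.10",
            "src_port": 40000, "dst_port": 80, "proto": 6}

SAMPLE = [
    make_event("stack-primary", 1000, 2001),
    make_event("stack-secondary", 1001, 2001),  # duplicate of the first
    make_event("stack-primary", 1002, 2001),    # same device again: kept
    make_event("standalone", 1003, 2001),       # not a stack member: kept
    make_event("stack-secondary", 1500, 2001),  # outside the window: kept
]
```

A repeat from the same device is kept on purpose, since only a report of the same event by the other stack member counts as the duplication described above.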
If you configure an eStreamer client on a Defense Center in a high availability configuration, the client configuration is not replicated from the primary Defense Center to the secondary Defense Center.
To configure the types of events captured by eStreamer:
Access: Admin
Step 1
Select System > Local > Registration.
Step 2
Click eStreamer.
The eStreamer page appears with the eStreamer Event Configuration menu.
Step 3
Select the check boxes next to the types of events you want eStreamer to capture and forward to requesting clients. Note that if a check box is currently cleared, that data is not being captured. Clearing a check box does not delete data that has already been captured.
You can select any or all of the following on a Defense Center or managed device:
  • Intrusion Events to transmit intrusion events generated by managed devices.
  • Intrusion Event Packet Data to transmit packets associated with intrusion events.
  • Intrusion Event Extra Data to transmit additional data associated with intrusion events, such as the URI associated with the originating IP address of a client connecting to a web server through an HTTP proxy or load balancer.