Cisco Cisco Firepower Management Center 2000 开发者指南

Version 5.3

Sourcefire 3D System eStreamer Integration Guide

405

Configuring eStreamer

Configuring eStreamer on the eStreamer Server

Chapter 6

Configuring eStreamer on the eStreamer Server

: Any

Before the Defense Center or Device you want to use as an eStreamer server can 

begin streaming events to a client application, you must configure the eStreamer 

server to send events to clients, provide information about the client, and 

generate a set of authentication credentials to use when establishing 

communication. You can perform all of these tasks from the Defense Center or 

Device user interface.
See the following sections for more information:

Configuring eStreamer Event Types

: Any

You can control which types of events the eStreamer server is able to transmit to 

client applications that request them. 
Available event types on a Device or a Defense Center include:

Intrusion events

Intrusion event packet data

Intrusion event extra data

Available event types on a Defense Center include:

Discovery events (this also enables connection events)

Correlation and white list events

Impact flag alerts

User activity events

Malware events

File events

Note that the primary and secondary in a stacked 3D9900 pair report intrusion 

events to the Defense Center as if they were separate managed devices. If you 

configure communication with an eStreamer client on the primary in a 3D9900 

stack, you also need to configure the client on the secondary; the client 

configuration is not replicated. Similarly, when you delete the client, delete it in 

both places. If you configure an eStreamer client for a Defense Center managing 

3D9900s in a stack configuration, note that the Defense Center reports all events 

received from both managed devices, even if the same event is reported by both.