This article leads you through the process of integrating Cisco Firepower with Red Canary. Follow the procedure from beginning to end.
Step 1: Red Canary–Create your Red Canary generated email
Create a Red Canary-provided email address to receive Cisco Firepower alerts for ingestion.
- From your Red Canary homepage, click Integrations.
- From the Integrations section, locate and then click the Cisco Firepower security product you want to integrate with Red Canary.
Note: If you do not see your security product listed, click See all integrations.
- In the search bar, type and then select the Cisco Firepower security source.
- Continue on to the next step by configuring your Cisco Firepower security source in Red Canary.
Note: Your third-party security source may require that you contact Red Canary to configure it.
- Enter a Name for your external alert source.
- Select a Display Category.
- Under the Ingest Format/Method dropdown, select Cisco Firepower via Email.
- NOTE: We only do Alert Investigation on Cisco Firepower alerts if they are received via email.
- Click Save Configuration. This will generate the email address to which Cisco Firepower alerts will be sent.
- Click Edit Configuration.
- Click Activate.
NOTE: Any devices inline between the Firepower device and Red Canary that may manipulate email messages (i.e., Perimeter Devices) should have an exclusion in place to bypass these processes; otherwise, the email message may be manipulated prior to being ingested by Red Canary and subsequently reformatted to HTML.
For more information on completing the setup for Cisco Firepower, please click here.
Note: From the Syslog Severity dropdown, select warning. Click OK to save the configuration.