Collect data from Cisco FTD firewall devices

Author: guywi-ms

articles/sentinel/TOC.yml

@@ -733,7 +733,9 @@
     - name: AWS S3 WAF logs
       href: connect-aws-s3-waf.md
     - name: CloudWatch events via Lambda function
-      href: cloudwatch-lambda-function.yml
+      href: cloudwatch-lambda-function.yml      
+    - name: Cisco FTD firewall
+      href: connect-cisco-ftd.md
     - name: Google Cloud Platform connectors 
       href: connect-google-cloud-platform.md
     - name: Microsoft Entra

articles/sentinel/cisco-ftd-firewall.md

@@ -0,0 +1,26 @@
+---
+title: Collect data from Cisco FTD firewall devices in ASA or CEF format
+description: "Use Microsoft Sentinel connectors to collect logs from Cisco FTD firewall devices in Adaptive Security Appliance (ASA) and Common Event Format (CEF) formats."
+author: guywi-ms
+ms.date: 03/24/2025
+ms.service: microsoft-sentinel
+ms.author: guywild
+ms.collection: sentinel-data-connector
+---
+
+# Collect data from Cisco FTD firewall devices
+
+Microsoft Sentinel provides two connectors that collect logs from Cisco FTD firewall devices in Adaptive Security Appliance (ASA) and Common Event Format (CEF) formats. This article explains when to use each connector and provides links to installation instructions.
+
+## Collect logs from a Cisco FTD ASA firewall device
+
+Install [Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel](../data-connectors/cisco-asa-ftd-via-ama.md).
+
+## Collect logs from a Cisco FTD FXOS firewall device
+
+1. Install and configure the Firepower eNcore eStreamer client, which emits logs in CEF format. For more information, see the full install [guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/670/api/eStreamer_enCore/eStreamereNcoreSentinelOperationsGuide_409.html).
+1. Install [Common Event Format (CEF) via AMA connector](../connect-cef-syslog-ama.md). 
+
+## Next steps
+
+Learn more about [Microsoft Sentinel data connectors](../connect-data-sources.md).