Commit af93ef8

Merge pull request #296849 from guywi-ms/cisco-ftd
Collect data from Cisco FTD firewall devices
2 parents 10a39a9 + 1ed82af commit af93ef8

2 files changed, +32 -1 lines changed

articles/sentinel/TOC.yml

Lines changed: 3 additions & 1 deletion
@@ -733,7 +733,9 @@
733733
- name: AWS S3 WAF logs
734734
href: connect-aws-s3-waf.md
735735
- name: CloudWatch events via Lambda function
736-
href: cloudwatch-lambda-function.yml
736+
href: cloudwatch-lambda-function.yml
737+
- name: Cisco FTD firewall
738+
href: cisco-ftd-firewall.md
737739
- name: Google Cloud Platform connectors
738740
href: connect-google-cloud-platform.md
739741
- name: Microsoft Entra
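Review bot: The `href: cloudwatch-lambda-function.yml` line at 736 is removed and re-added with no visible difference, which points to a whitespace or end-of-line change only; if that is not intended, revert it so the hunk carries just the two new lines. The new `Cisco FTD firewall` entry also lands between the AWS/CloudWatch entries and `Google Cloud Platform connectors`, so confirm it sits at the intended TOC level and is not nested under the AWS group.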
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
---
2+
title: Collect data from Cisco FTD firewall devices running ASA and FXOS
3+
description: "Use Microsoft Sentinel connectors to collect logs from Cisco FTD firewall devices in Adaptive Security Appliance (ASA) and Common Event Format (CEF) formats."
4+
author: guywi-ms
5+
ms.date: 03/24/2025
6+
ms.service: microsoft-sentinel
7+
ms.author: guywild
8+
ms.topic: conceptual
9+
ms.collection: sentinel-data-connector
10+
---
11+
12+
# Collect data from Cisco FTD firewall devices
13+
14+
Microsoft Sentinel provides two connectors that collect logs from Cisco Firepower Threat Defense (FTD) firewall devices, depending on whether the devices run the Adaptive Security Appliance (ASA) operating system or Firepower eXtensible Operating System (FXOS). This article explains when to use each connector and provides links to installation instructions.
15+
16+
## Collect logs from a Cisco FTD ASA firewall device
17+
18+
To collect logs from FTD ASA firewall devices, use the [Cisco ASA/FTD via AMA (Preview) connector](../sentinel/data-connectors/cisco-asa-ftd-via-ama.md).
19+
20+
## Collect logs from a Cisco FTD FXOS firewall device
21+
22+
To collect logs from a Cisco FTD FXOS firewall device:
23+
24+
1. Install and configure the Firepower eNcore eStreamer client, which emits logs in Common Event Format (CEF) format. For more information, see the full install [guide](https://www.cisco.com/c/en/us/td/docs/security/firepower/670/api/eStreamer_enCore/eStreamereNcoreSentinelOperationsGuide_409.html).
25+
1. Install [CEF via AMA connector](connect-cef-syslog-ama.md).
26+
27+
## Next steps
28+
29+
Learn more about [Microsoft Sentinel data connectors](connect-data-sources.md).
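Review bot: The front-matter `description` treats ASA as a log format ("in Adaptive Security Appliance (ASA) and Common Event Format (CEF) formats"), while the introduction defines ASA as an operating system; reword the description, and the title's "running ASA and FXOS", so the terminology agrees across the file. In the ASA section, the link `../sentinel/data-connectors/cisco-asa-ftd-via-ama.md` climbs out of and back into the `sentinel` folder, unlike the other links in the file (`connect-cef-syslog-ama.md`); assuming the new file sits beside TOC.yml, as the TOC `href` implies, `data-connectors/cisco-asa-ftd-via-ama.md` would be consistent. In the FXOS steps, "Common Event Format (CEF) format" repeats "format", the link text "guide" is not descriptive on its own, and step 2 is missing "the" before the connector link.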
