How Catalyst SD-WAN Routers Share Events with Security Cloud Control Firewall Management

The following diagram describes how Catalyst SD-WAN shares security events with Security Cloud Control Firewall Management.

Event Flow from Catalyst SD-WAN to Security Cloud Control

| Step | Description |
|------|-------------|
| 1 | A remote user accesses the network and the Catalyst SD-WAN device generates an event log for the corresponding traffic. The device then exports the event data to a PSV file and sends it to the Catalyst SD-WAN Manager. |
| 2 | Catalyst SD-WAN Manager sends the event data to the SD-WAN Analytics cloud. |
| 3 | SD-WAN Analytics stores the event data in the cloud to make it accessible to Security Services Exchange, and notifies Security Services Exchange. After receiving the notification from the SD-WAN Analytics cloud, Security Services Exchange downloads the event data from the SD-WAN AWS cloud. |
| 4 | Security Services Exchange converts the event data from PSV to JSON format and sends it to Cisco Security Analytics and Logging (SaaS). |
| 5 | Security Analytics and Logging (SaaS) processes the event data using various services to classify and enrich it for use by Security Cloud Control. It stores the event data in the cloud data store, which is queried by the event viewer to provide SOC analysts with the relevant event data. |