How Catalyst SD-WAN Routers Share Events with Security Cloud Control Firewall Management
The following diagram describes how Catalyst SD-WAN shares security events with Security Cloud Control Firewall Management.
| Step | Description |
|---|---|
| 1 | A remote user accesses the network, and the Catalyst SD-WAN device generates an event log for the corresponding traffic. The device then exports the event data to a PSV file and sends it to the Catalyst SD-WAN Manager. |
| 2 | Catalyst SD-WAN Manager sends the event data to the SD-WAN Analytics cloud. |
| 3 | SD-WAN Analytics stores the event data in the cloud to make it accessible to Security Services Exchange and notifies Security Services Exchange. After receiving the notification from the SD-WAN Analytics cloud, Security Services Exchange downloads the event data from the SD-WAN AWS cloud. |
| 4 | Security Services Exchange converts the event data from PSV to JSON format and sends it to Cisco Security Analytics and Logging (SaaS). |
| 5 | Security Analytics and Logging (SaaS) processes the event data using various services to classify and enrich it for use by Security Cloud Control Firewall Management. It stores the event data in the cloud data store, which is queried by the event viewer to provide SOC analysts with the relevant event data. |
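
The PSV-to-JSON conversion in step 4, shown as an added example that is not Cisco's code and not part of the original page. It assumes PSV means pipe-separated values with a header row; the column names, sample rows and the `psv_to_json` helper are constructed for illustration. Rows that do not match the header are set aside instead of being converted, so a malformed record does not reach the analyst with shifted columns.

```python
import json

# Constructed sample export. Column names and values are hypothetical, not
# Cisco's actual schema; PSV is assumed to be pipe-separated with a header row.
SAMPLE_PSV = """\
event_time|device_id|src_ip|dst_ip|dst_port|action|signature
2024-05-01T10:15:02Z|edge-01|10.1.1.20|203.0.113.7|443|block|Constructed.Sig.A
2024-05-01T10:15:09Z|edge-01|10.1.1.21|198.51.100.4|80|alert|bad|extra|field
2024-05-01T10:15:11Z|edge-02|10.2.1.5|203.0.113.9|notaport|allow|Constructed.Sig.B
"""

INT_FIELDS = {"dst_port"}  # fields emitted as JSON numbers (assumption)


def psv_to_json(text):
    """Convert PSV text to JSON lines; return (json_lines, rejected_rows)."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header = lines[0].split("|")
    converted, rejected = [], []
    for lineno, line in enumerate(lines[1:], start=2):
        fields = line.split("|")
        # A stray pipe inside a value shifts every later column, so a row
        # whose field count differs from the header is set aside, not guessed at.
        if len(fields) != len(header):
            rejected.append(
                (lineno, "field count %d != %d" % (len(fields), len(header)))
            )
            continue
        record = dict(zip(header, fields))
        try:
            for name in INT_FIELDS:
                record[name] = int(record[name])
        except ValueError:
            rejected.append((lineno, "non-numeric value in integer field"))
            continue
        converted.append(json.dumps(record, sort_keys=True))
    return converted, rejected


if __name__ == "__main__":
    ok, bad = psv_to_json(SAMPLE_PSV)
    for row in ok:
        print(row)
    for lineno, reason in bad:
        print("rejected line %d: %s" % (lineno, reason))
```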