About Security Analytics and Logging (SaaS) in Security Cloud Control
Terminology Note: In this documentation, when Cisco Security Analytics and Logging is used with the Secure Cloud Analytics portal (a software as a service product), you will see this integration referred to as Cisco Security Analytics and Logging (SaaS) or SAL (SaaS).
Cisco Security Analytics and Logging (SAL) allows you to capture supported types of security events from all of your firewall devices and view them in one place in Security Cloud Control. The events are stored in the Cisco cloud and viewable from the Event Logging page, where you can filter and review them to understand which security rules are being triggered in your network.
With additional licensing, after you capture these events, you can cross-launch from Security Cloud Control to a Secure Cloud Analytics portal provisioned for you.
Secure Cloud Analytics is a software as a service (SaaS) solution that analyzes events and network flow data to track the state of your network. It gathers information about your network traffic from sources such as firewall events and network flow data. Secure Cloud Analytics generates observations about the traffic and automatically identifies the roles for network entities based on detected patterns.
With this information and additional threat intelligence sources, such as Talos, Secure Cloud Analytics generates alerts to notify you of potentially malicious behavior. It also provides network and host visibility and contextual information so you can investigate alerts and identify sources of malicious activity.