Sending Events to the Cisco Cloud

You can send events to the Cisco cloud server. From there, various Cisco cloud services can access the events. You can then use these cloud applications, such as Cisco Threat Response, to analyze the events and to evaluate threats that the device might have encountered.

Before you begin

You must register the device with the Cisco Smart Software Manager before you can enable this service.

You can connect to the Cisco Threat Response at https://visibility.amp.cisco.com/ in the US region, https://visibility.amp.cisco.com/ in the EU region. You can watch videos about the use and benefits of the application on YouTube at http://cs.co/CTRvideos. For more information about using Cisco Threat Response with FTD, see Firepower and CTR Integration Guide, which you can find at https://www.cisco.com/c/en/us/support/security/defense-center/products-installation-and-configuration-guides-list.html.

Procedure

Step 1

Click the Cloud Services tab.

Step 2

Click the Enabled slider for the Send Events to the Cisco Cloud option to change the setting as appropriate.

Step 3

When you are enabling the service, you are prompted to select the events to send to the cloud.

  • File/Malware - For any file policies, you have applied in any access control rule.

  • Intrusion Events - For any intrusion policies, you have applied in any access control rule.

  • Connection Events - For access control rules where you have enabled logging. When you select this option, you can also elect to send All Connection Events, or only send the High Priority connection events. High-priority connection events are those related to connections that trigger intrusion, file, or malware events, or that match Security Intelligence blocking policies.

Step 4

Click Save.

Step 5

Review and deploy the changes you made now, or wait and deploy multiple changes at once.