Cisco FTD
Connect Cisco FTD to Radiant Security to forward firewall and intrusion event syslog for AI triage.
Cisco FTD forwards syslog to Radiant Security through the Radiant Agent. This guide covers adding the Cisco FTD data feed in Radiant, deploying the Radiant Agent as the syslog receiver, and configuring syslog forwarding from the Cisco FDM UI.
Prerequisites
Add the data connector in Radiant Security
Log in to Radiant Security.
From the navigation menu, click Settings > Data Connectors, then click + Add Connector.
Search for and select Radiant Agent, then click Data Feeds.
Under Select your data feeds, select Cisco FTD (syslog), then click Credentials.
Under Credential Name, enter an identifiable name for the Radiant Agent integration (e.g., Radiant Agent integration). To reuse an existing Radiant Agent credential, select it from the drop-down menu. Click Add Connector.
Configure Cisco FTD to forward syslog
Before starting, confirm the IP address of the Radiant Agent and the port configured to receive Cisco FTD data. If you do not know the port, contact your Customer Success representative.
Log in to the Cisco FDM UI with a user account that has configuration (read-write) rights; a read-only user can view but not change Logging Settings.
From the top navigation bar, select the Cisco FTD device.
Under System Settings, select Logging Settings.
Enable Data Logging.
Under Message Filtering for Firepower Threat Defense, set Severity level for filtering all events to Information.

Under Syslog Servers, click the + button to add a new syslog server.
Click Create new Syslog Server.
Enter the IP address of the Radiant Agent.
For Protocol Type, select TCP. Syslog over plain TCP is not encrypted, so the path between the FTD logging interface and the Radiant Agent should be a trusted network segment, and the Agent's listening port should only be reachable from the FTD.
For Port Number, enter the port configured on the Radiant Agent to receive Cisco FTD data.
Under Interface for Device Logs, select an interface with connectivity to the Radiant Agent.
Click OK, then select the newly created syslog server.
Click SAVE.

Click the deploy button to deploy the changes.

Verify ingestion
After Cisco FTD begins forwarding, confirm alerts and events are reaching Radiant.
In Radiant, navigate to Log Management.
Filter by rs_connectorType:"cisco_firepower". Confirm recent alerts and events appear.
Allow several minutes for alerts and events to be parsed, indexed, and available for search.
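Before waiting on Log Management, it helps to confirm two things locally: that a TCP receiver on the Agent's port actually gets newline-framed FTD events, and what the Information severity threshold set above lets through. The following is an added example, not Radiant Security's or Cisco's own code. It replaces the Radiant Agent with a throwaway listener on 127.0.0.1 so it runs offline; the sample event lines are constructed in the FTD %FTD-<severity>-<message_id> shape rather than captured from a device, and the Agent host and port are the assumed values you would substitute for a real check.

```python
"""Local check that a syslog receiver gets Cisco FTD-style events over TCP.

Added example, not Radiant Security's or Cisco's own code. A throwaway TCP
listener on 127.0.0.1 stands in for the Radiant Agent; substitute the Agent's
real IP and port (assumed values) to test the actual path.
"""
import re
import socket
import socketserver
import threading

# FTD (like ASA) emits "%FTD-<severity>-<message_id>: <text>" after the
# RFC 3164 <PRI> header. Severity runs 0..7; Information is 6, Debugging is 7.
INFORMATION = 6
_PRI_RE = re.compile(r"^<(\d{1,3})>")
_FTD_RE = re.compile(r"%FTD-(\d)-(\d+):\s*(.*)$")

# Constructed sample lines shaped like FTD syslog; not captured from a device.
SAMPLE_EVENTS = [
    "<166>%FTD-6-430003: EventPriority: Low, DeviceUUID: 0000, InstanceID: 1, "
    "FirstPacketSecond: 2024-01-01T00:00:00Z, ConnectionID: 1, "
    "AccessControlRuleAction: Allow",
    "<164>%FTD-4-106023: Deny tcp src outside:203.0.113.5/4444 "
    "dst inside:10.0.0.8/22 by access-group \"ACL-IN\"",
    "<167>%FTD-7-111009: User 'admin' executed cmd: show logging",
]


def parse_ftd_syslog(line):
    """Return {'pri', 'facility', 'severity', 'msg_id', 'text'} or None."""
    m_pri = _PRI_RE.match(line)
    m_ftd = _FTD_RE.search(line)
    if not m_pri or not m_ftd:
        return None
    pri = int(m_pri.group(1))
    sev = int(m_ftd.group(1))
    # The PRI severity (pri % 8) must agree with the %FTD-<sev> tag; a
    # mismatch usually means a relay rewrote the header on the way.
    if pri % 8 != sev:
        return None
    return {"pri": pri, "facility": pri // 8, "severity": sev,
            "msg_id": m_ftd.group(2), "text": m_ftd.group(3)}


def passes_filter(line, threshold=INFORMATION):
    """True if FDM's 'Severity level for filtering all events' set to the
    given level would forward this event (the level and everything more severe)."""
    parsed = parse_ftd_syslog(line)
    return parsed is not None and parsed["severity"] <= threshold


class _Collector(socketserver.StreamRequestHandler):
    """Stand-in receiver: records each newline-framed line it is sent."""

    def handle(self):
        for raw in self.rfile:
            self.server.received.append(raw.decode("utf-8", "replace").rstrip("\r\n"))


def send_and_capture(lines, host="127.0.0.1", port=0, threshold=INFORMATION):
    """Start a local TCP receiver, forward the lines that pass the severity
    filter to it over one connection, and return what it received.
    port=0 picks a free local port; a real check targets the Agent instead."""
    server = socketserver.TCPServer((host, port), _Collector)
    server.received = []
    worker = threading.Thread(target=server.handle_request)
    worker.start()
    try:
        with socket.create_connection(server.server_address, timeout=5) as sock:
            for line in lines:
                if passes_filter(line, threshold):
                    sock.sendall(line.encode("utf-8") + b"\n")
        worker.join(timeout=10)  # handler returns once the sender closes
    finally:
        server.server_close()
    return list(server.received)


if __name__ == "__main__":
    for got in send_and_capture(SAMPLE_EVENTS):
        print(parse_ftd_syslog(got)["msg_id"], got[:60])
```

Run against the sample set, the debug-level line (%FTD-7) is dropped by the Information threshold while the connection and ACL-deny events arrive intact. To check the real path, point send_and_capture's client half at the Agent's IP and port from a host on the same segment the FTD will log from, then look for the line in Log Management as described above.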