Configure a Secure Network Analytics Manager
Configure the Secure Network Analytics Manager deployment to integrate SAL (OnPrem) with Security Cloud Control-managed threat defense devices.
Before you begin
Ensure the following:
- You have a provisioned Security Cloud Control tenant and have the following Security Cloud Control user roles:
  - Admin
  - Super admin
- Your threat defense devices are working as expected and are generating events.
- If you are currently using syslog to send events to the Secure Network Analytics Manager from device versions that support sending events directly, disable syslog for those devices (or assign those devices an access control policy that does not include syslog configurations) to avoid duplicating events on the remote volume.
- You have the hostname or the IP address of your Secure Network Analytics Manager.
Note: You may be logged out of the Secure Network Analytics Manager during the registration process; complete any work in progress before you start with the deployment wizard.
Procedure
Step 1: Log in to Security Cloud Control.
Step 2: From the Security Cloud Control menu, navigate to open the Services page.
Step 3: Select Cloud-Delivered FMC and then click Configuration.
Step 4: Navigate to .
Step 5: In the Secure Network Analytics Manager Only widget, click Start.
Step 6: Enter the hostname or the IP address and port number of the Secure Network Analytics Manager and click Next.
Step 7: Deploy the changes to the managed devices. The event data is not logged to the SAL (OnPrem) until the logging policy changes are deployed to the registered threat defense devices.
Step 8: Click OK.