Managing Threat Defense Events and Analytics

The events and analytics management can be retained in the management center or transferred to Cisco Defense Orchestrator, where the devices must be configured to send events to Cisco Defense Orchestrator. While initiating the migration process, you are allowed to choose the manager to which the device events must be sent for analytics.

If you select the management center for analytics, Cisco Defense Orchestrator becomes the manager for selected devices but retains a copy of those devices on the management center in analytics-only mode. The devices continue to send events to the management center, and Cisco Defense Orchestrator manages the configuration changes.

If you select Cisco Defense Orchestrator for analytics, Cisco Defense Orchestrator becomes the manager for the selected devices and deletes these devices from the management center. Cisco Defense Orchestrator manages both configuration changes and events and analytics management. You must configure threat defense devices to send events to the Cisco cloud. You can use either Security Services Exchange or the Secure Event Connector (SEC) to send events from the devices to the Cisco Secure Analytics and Logging (SAL) in the cloud.