Sending Events to the Cisco Cloud

You can send events to the Cisco Security Cloud. From there, various Cisco Security Cloud services can access the event data. You can then use these cloud applications, such as Cisco XDR, to analyze the events and to evaluate threats that the device might have encountered.

Before you begin

You must register the device with the Cisco Smart Software Manager before you can enable this service.

When you subscribe to Cisco XDR, you receive an email with a link to sign in to Cisco XDR through Cisco Security Cloud Sign On. To sign in to Cisco XDR, you need a Cisco Security Cloud Sign On account. If you don’t have an account, you can create one by following Creating a Security Cloud Sign On Account.

For more information about integrating Cisco XDR with FTD, see the Cisco Secure Firewall Threat Defense and Cisco XDR Integration Guide.

Procedure


Step 1

Click the Cloud Services tab.

Step 2

Click the Enabled slider for the Send Events to the Cisco Cloud option to change the setting as appropriate.

Step 3

If you are enabling the service, you are prompted to select the events to send to the cloud.

  • File/Malware - For any file policies you have applied in any access control rule.

  • Intrusion Events - For any intrusion policies you have applied in any access control rule.

  • Connection Events - For access control rules where you have enabled logging. When you select this option, you can also elect to send All Connection Events, or only send the High Priority connection events. High-priority connection events are those related to connections that trigger intrusion, file, or malware events, or that match Security Intelligence blocking policies.

Step 4

Click Save.

Step 5

Review and deploy the changes you made now, or wait and deploy multiple changes at once.