Integrate Cisco Firepower with Red Canary
    • 25 Jul 2024
    • 1 Minute to read
    • PDF

    Integrate Cisco Firepower with Red Canary

    • PDF

    Article summary

    Integrating Cisco Firepower with Red Canary enhances threat detection and response capabilities by centralizing security data and automating incident response workflows. To integrate Cisco Firepower with Red Canary, follow the procedure below from beginning to end.

    Red Canary–Create your Red Canary generated email

    Create a Red Canary provided-email to send Cisco Firepower alerts for ingestion. 

    1. From your Red Canary homepage, click Integrations, and See all integrations.

    2. Type and select Cisco Firepower.

    3. Click Configure.

    4. Enter a Name for your external alert source.  

    5. Select a Display Category.

    6. Under the Ingest Format/Method dropdown, select Cisco Firepower via Email.

      Note: If you do not see your security product listed, click See all integrations

    7. Click Save Configuration. This will generate the email address to which Cisco Firepower alerts will be sent.

      2.png

    8. Click Edit Configuration.

    9. Click Activate.

      NOTE: Any devices inline between the Firepower device and Red Canary that may manipulate email messages (i.e., Perimeter Devices) should have an exclusion in place to bypass these processes; otherwise, the email message may be manipulated prior to being ingested by Red Canary and subsequently reformatted to HTML.

      For more information on completing the set up for Cisco Firepower, please click here.

      Note: From the Syslog Severity dropdown, select warning. Click OK to save the configuration.

    warning.png


    Was this article helpful?