Is there a way to integrate Cisco Firepower into SolarWinds Orion?
It is possible to monitor the firewall in the latest NPM release. To my knowledge, not the IPS/IDS.
From Cisco:
Should be able to send netflow to NTA - AVC - More than 3000 application-layer and risk-based controls can invoke tailored IPS threat-detection policies to improve security effectiveness.
Monitor the basic firewall, not FirePOWER with NPM - ASA with FirePOWER NGIPS - Highly effective threat prevention and a full contextual awareness of users, infrastructure, applications, and content help you detect multivector threats and automate the defense response.
Not to my knowledge - Reputation and URL filtering - This filtering provides comprehensive alerting and control over suspect web traffic. It enforces policies on hundreds of millions of URLs in more than 80 categories.
Not to my knowledge - AMP - Effective breach detection with low TCO offers protection value. Discover, understand, and stop malware and emerging threats missed by other security layers.
Thanks,
Alex
Since the Firepower has both the FTD (physical box) and then the VM (web interface), which device would I be able to monitor with Orion? I want to be able to monitor it similar to how we are now able to monitor the ASA.
Would I configure NetFlow on the FTD or CLI?
I think Firepower FXOS is currently buggy, so until the Cisco BAU works with SolarWinds, I don't think we will be able to connect the FXOS side to SolarWinds. I currently have a TAC case open on the issue and I am going to see if I can move it up to the BAU to resolve. Also offer priv auth MD5 as well as SHA1 and up to AES-256 for privacy like the ASA and the NEXUS platforms. Of course the ASA side of Firepower works.
The Cisco website does have MIBs available for the Firepower software, but you need to make sure you are looking in the correct sections. You need to look in the base software version, not the patch sections (6.4.0, not 6.4.0.7). At this time, the zip file with FXOS MIBs has 77 MY files, so there is a lot of information that SolarWinds could look through to add.
I am not posting the file here, as I did not ask Cisco for permission to post it, but SolarWinds should be able to get them.
Depending on which FTD device / version you're using, it can be a bit tricky to add it to SW. I found this Cisco support article helpful.