5 Replies Latest reply on Jul 19, 2017 4:30 PM by jrouviere

    Sourcefire Defense Center?

    valkyrja

      I went through the connectors in LEM and did not see anything listed for the eStreamer API.

      Is there any way to use LEM to evaluate the logs coming in from this device? Looking to create alerts and scheduled reports based on found activity.

      Thank you for any info.

        • Re: Sourcefire Defense Center?
          curtisi

          First, it sure looks like Sourcefire's documentation has gone downhill since Cisco bought them. I spent a couple of hours today trying to find an admin guide or something for Defense Center, and I got nothing.

          Still, it appears that the Defense Center can be configured to send syslog. If that's true, and you can send it to the LEM, then we could have you send in that data as a sample and send it up to our developers as a new connector request.

          If I'm reading this all wrong, and the eStreamer API is the only way to pull data from the device... I'm not sure what it would take to make that work, but I will ask around.

            • Re: Sourcefire Defense Center?
              valkyrja

              Thank you for your reply.

              Yes, they can send syslog. Having a custom connector made by SW would be fantastic. Any idea how quickly they could do this?

                • Re: Sourcefire Defense Center?
                  curtisi

                  Once we have the sample logs from the device, the next steps are:

                  You may also post your request to the Thwack forum for the SolarWinds product you wish to see improved. Thwack Feature Request forums are here: http://thwack.solarwinds.com/community/feature-request_tht. Create a post titled "FEATURE REQUEST - Name of the Feature Request" and detail your request, including the case number. These forums are monitored by our Product Managers. This will allow other customers to voice their opinions as to whether they would find the feature useful.

                  "How To Create Ideas and Feature Requests"

                  http://thwack.solarwinds.com/docs/DOC-167238

                  "Ideation Process & FAQ"

                  http://thwack.solarwinds.com/docs/DOC-167239

                  Please be aware that:

                  * Developers will decide on whether or not to go ahead with implementation of the feature

                  * Developers will decide on the timeline of the release (if they decide to implement the feature)

                  * Support does not update you on whether the feature has been implemented, and you will have to check the Release Notes: http://www.solarwinds.com/documentation/documentation.aspx

                  Usually it's within a couple of weeks of getting the logs, but that can vary greatly if we have other projects that are more urgent/requested by customers or if the connector is going to be unusually complicated. If all we have to do is tokenize and parse logs, and we have a tool that's already close, it can be really quick. If it's something more complex, like accessing a database or running queries for data through an API, it may take a while.
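The "tokenize and parse logs" step that the reply above describes, and the "alerts and scheduled reports based on found activity" the original question asks for, are what a syslog connector boils down to. The following is an added example written for this thread; it is not SolarWinds code and not the LEM connector. The log format it parses is an assumption for illustration only: a standard RFC 3164 syslog header (`<PRI>timestamp host tag: body`) with a `key=value` body, not the real Defense Center / Firepower Management Center syslog layout, which a real connector would have to be written against from sample logs. The sample lines, the field names (`event`, `priority`, `sig`, `src`, `dst`, `action`) and the alert threshold are all constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample input. The header is plain RFC 3164 syslog; the body is a
# made-up key=value layout standing in for whatever the device really emits.
SAMPLE_LINES = [
    '<134>Jul 19 14:30:01 defense-center SFIMS: event=intrusion priority=high sig="SQL injection attempt" src=203.0.113.7 dst=192.0.2.10 action=blocked',
    '<134>Jul 19 14:30:03 defense-center SFIMS: event=intrusion priority=high sig="SQL injection attempt" src=203.0.113.7 dst=192.0.2.10 action=blocked',
    '<134>Jul 19 14:30:05 defense-center SFIMS: event=intrusion priority=low sig="ICMP echo" src=198.51.100.4 dst=192.0.2.10 action=allowed',
    '<134>Jul 19 14:30:09 defense-center SFIMS: event=intrusion priority=high sig="SQL injection attempt" src=203.0.113.7 dst=192.0.2.11 action=blocked',
    "this line is not syslog at all",  # deliberately malformed; must be rejected, not crash the parser
]

# RFC 3164 header: <PRI>, "Mmm dd hh:mm:ss", hostname, then "TAG: body".
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:]+): "
    r"(?P<body>.*)$"
)
# key=value tokens; values may be double-quoted to allow spaces.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Tokenize one syslog line into a dict of fields; return None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    fields = {
        "facility": pri // 8,   # PRI = facility * 8 + severity
        "severity": pri % 8,
        "timestamp": m.group("timestamp"),
        "host": m.group("host"),
        "tag": m.group("tag"),
    }
    for key, quoted, unquoted in KV_RE.findall(m.group("body")):
        fields[key] = quoted or unquoted
    return fields


def _to_dt(timestamp, year=2017):
    """RFC 3164 timestamps carry no year; assume one so lines can be ordered."""
    return datetime.strptime(f"{year} {timestamp}", "%Y %b %d %H:%M:%S")


def evaluate(lines, threshold=3, window_seconds=60):
    """Parse lines, raise an alert when one source produces `threshold` high-priority
    events within `window_seconds`, and build a summary usable for a scheduled report."""
    parsed, rejected = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)   # keep unparsed lines for connector debugging
        else:
            parsed.append(rec)

    alerts = []
    recent = defaultdict(list)      # src -> timestamps of high-priority events in window
    for rec in parsed:
        if rec.get("priority") != "high":
            continue
        src = rec.get("src", "unknown")
        t = _to_dt(rec["timestamp"])
        recent[src] = [x for x in recent[src] if (t - x).total_seconds() <= window_seconds]
        recent[src].append(t)
        if len(recent[src]) == threshold:   # fire once when the window fills
            alerts.append({"src": src, "count": threshold, "at": rec["timestamp"]})

    # Report rollup: how many events per (priority, action) pair.
    report = Counter((r.get("priority"), r.get("action")) for r in parsed)
    return {"parsed": parsed, "rejected": rejected, "alerts": alerts, "report": report}


if __name__ == "__main__":
    result = evaluate(SAMPLE_LINES)
    print("parsed:", len(result["parsed"]), "rejected:", len(result["rejected"]))
    for a in result["alerts"]:
        print("ALERT:", a)
    for (prio, action), n in sorted(result["report"].items(), key=str):
        print(f"report: priority={prio} action={action} count={n}")
```

The split between `parse_line` (tokenizing) and `evaluate` (rules and reporting) mirrors how a connector and the alerting engine divide the work: the parser only needs to change when the device's log layout does, while rules and reports are written against the extracted field names. Keeping the rejected lines around is what you would send back to the vendor when a connector "didn't work", as the later reply in this thread reports.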
              • Re: Sourcefire Defense Center?
                coldfirex

                Was this connector ever implemented?

                We tried using "Cisco FirePower Module (Sourcefire 3D System)", but it didn't work, so I assume that is for the Firepower device itself and not the Management Center/Defense Center.