Details

Secure Firewall (formerly Firepower) provides complete and unified management over firewalls, application control, intrusion prevention, URL filtering, and advanced malware protection.

Integrate Secure Firewall (formerly Secure Firewall Threat Defense) with Cisco Extended Detection and Response (Cisco XDR) to unify your firewall deployment with Cisco's integrated security solutions, providing seamless visibility, enhanced automation, and strengthened security across your network.

This integration requires:

  • a license for XDR
  • a Security Cloud Control (SCC) tenant
  • SAL (Security Analytics and Logging) for full integration with XDR's Data Analysis Platform

The complete integration allows XDR users to leverage Cisco Secure Firewall for incident generation, threat investigation, and response actions. A partial integration is also available that does not require SAL and only provides threat investigation and response outcomes.

Events that are available to drive investigation and incident responses are:

  • Cisco Secure Firewall Intrusion events (FTD version 6.4 and later)
  • File and malware events (FTD version 6.5 and later)
  • High-priority connection events related to file, malware and intrusion events (FTD version 6.5 and later)
    With SAL, these events are ingested into the XDR Data Analytics Platform and correlated with other detections and telemetry to form meaningful, holistic Incidents for your teams to process and respond to.

In all integrations, with or without SAL, these events are available to enrich XDR incidents and support ad-hoc threat hunting and investigation. When investigating network objects such as IPs and domains, the returned information includes any of these alerts that involved the investigated observable, along with details such as the internal and external IP addresses, the direction of the traffic that triggered the event, the title and message of the intrusion event if applicable, additional details of the event, and the date and time of the alert.

With this integration, customers can also use their Cisco Secure Firewall deployment to enforce IP and domain blocks in response to attacks or as proactive defense against expected threats. In addition, the automatic inclusion of the firewall APIs in XDR Automate simplifies the use of these and other firewall capabilities from within the XDR interface, automation workflows, and response playbooks.

Capabilities

  • Health: Validates that the integration is healthy
  • Deliberate: Provides dispositions for observables
  • Observe: Provides sightings for an observable
  • Refer: Provides links to additional resources for an observable
  • Respond: Provides response actions for an observable
  • Tiles: Provides tiles for the Cisco XDR dashboard

Regions

  • North America
  • Europe
  • Asia-Pacific, Japan & China

Built-in actions

These actions can be used in Cisco XDR automation to build workflows for this product. Workflows can help you automate how you investigate, respond to incidents, and more.

Configuration details