Cisco Security and Elastic

How Elastic and Cisco Security work together

Elastic integrations for Cisco Security enable organizations to use data from Cisco products within Elastic Security to perform investigations and incident response.

Elastic Security equips security teams to stop threats quickly and at cloud scale, with a platform for prevention, detection, and response. Elastic and Cisco Security integrations give users visibility across the enterprise. Gather data of any kind (cloud, user, network, you name it), explore it on tailored graphs and dashboards, and use out-of-the-box or custom detection rules to surface potential threats.

Product Integrations

  • Secure Firewall and ASA: The ASA and Firepower Threat Defense integrations provide Elastic Common Schema mappings and dashboards for ASA and FTD data, including network traffic, VPN, authentication and system events.
  • Duo: Gain visibility and detect unusual authentication and SSO activity with the Cisco Duo integration. Easily onboard Duo logs into Elastic including Administrator, Authentication, Offline Enrolment and Telephony logs.
  • Identity Services Engine: The Cisco Identity Services Engine (ISE) integration enables ingestion of ISE AAA Audit, Accounting, Posture, Client Provisioning Audit and Profiler events. Easily correlate ISE data with other data sources for deep security visibility.
  • Meraki: Search, visualize and detect threats through the Meraki integration. MX Security Appliances and MR Access Points are both supported via syslog and API.
  • Secure Endpoint: The Secure Endpoint integration enables collection, analysis and correlation of Secure Endpoint events and alerts with Elastic Security. Correlate EDR alerts with security data from cloud, network and other data sources.
  • Secure Email: Leverage data from Cisco Secure Email Appliance within Elastic Security, including AMP Engine, Anti-Spam, Authentication, Bounce, HTTP, Textmail and System logs.
  • Umbrella: Access users’ DNS, firewall and secure web gateway activity in Elastic. Correlate Umbrella data with security data from cloud, network and endpoint sources. Ingestion via both self-managed and Cisco-managed S3 buckets is supported.