Prerequisites

  • OpsRamp Classic Gateway 14.0.0 and above.
  • OpsRamp NextGen Gateway 14.0.0 and above.
    Note: OpsRamp recommends using the latest Gateway version for full coverage of recent bug fixes, enhancements, etc.

Configure Cisco Firepower Threat Defense Integration

Click here to Configure and Install the Cisco Firepower Threat Defense integration
  1. To select your client, navigate to All Clients, and click the Client/Partner dropdown menu.
    Note: You may either type your client’s name in the search bar or select your client from the list.

  2. Navigate to Setup > Account. The Account Details screen is displayed.

  3. Click Integrations. The Installed Integrations screen is displayed with all the installed applications.
    Note: If you do not have any installed applications, you will be navigated to the Available Integrations and Apps page with all the available applications along with the newly created application with the version.

  4. Click + ADD on the Installed Integrations page.
    Note: Search for the integration either by entering the name of the integration in the search bar or by selecting the category of the integration from the All Categories dropdown list.

  5. Click ADD in the Cisco Firepower Threat Defense application application.

  6. In the Configuration screen, click + ADD. The Add Configuration screen appears.

  7. Enter the following BASIC INFORMATION:


Field NameDescriptionField Type
NameEnter the name for the configuration.String
IpAddress/HostNameEnter the IpAddress/HostName of Cisco Firepower Threat Defense, and it is accessible from Gateway.Integer
Is SecureSelect this checkbox if you want the communication between your system and the specified endpoint to be secured using protocols such as HTTPS (HTTP over SSL/TLS).
Default Selection: When selected, it signifies that the connection is encrypted, providing an added layer of security to the data being transmitted.
Checkbox
PortEnter the port number to communicate with OpsRamp's endpoints. It should be accessible from Gateway.

Note: By default 443 is added.
Integer
Managed BySelect Managed By from the drop-down list.

Note: As of now the application only supports discovery and monitoring for FTDs managed by:
  • Firepower management Center (FMC)
  • Firepower device manager (FDM)
Dropdown
CredentialsSelect the Credential from the drop-down list.

(Optional): Click + Add to create a credential. The ADD CREDENTIAL window is displayed. Enter the following information.
  • Name: Credential name.
  • Description: Brief description of the credential.
  • User Name: User name.
  • Password: Password.
  • Confirm Password: Confirm password
Dropdown
App Failure NotificationsWhen selected, you will be notified in case of an application failure such as Connectivity Exception, Authentication Exception.Checkbox
Alert ConfigurationSelect this checkbox if you want to enable integrating third party alerts into OpsRamp using further configurations.Checkbox
Alert SeverityIndicates the severity level assigned to alerts generated by the integration. By default, possible values of Alert Severity filter configuration property are "RED","YELLOW"String
Alert Severity MappingIndicates correlation between alerts generated by the integrated system and OpsRamp's predefined alert classifications. Possible values of Alert Severity Mapping filter configuration property are "RED":"Critical","YELLOW":"Warning".String
  1. CUSTOM ATTRIBUTES: Custom attributes are the user-defined data fields or properties that can be added to the preexisting attributes to configure the integration.
Field NameDescriptionField Type
Custom AttributeSelect the custom attribute from the dropdown. You can add attributes by clicking the Add icon (+).Dropdown
ValueSelect the value from the dropdown.Dropdown

Note: The custom attribute that you add here will be assigned to all the resources that are created by the integration. You can add a maximum of five custom attributes (key and value pair).

  1. In the RESOURCE TYPE section, select:
    • ALL: All the existing and future resources will be discovered.
    • SELECT: You can select one or multiple resources to be discovered.
  2. In the DISCOVERY SCHEDULE section, select recurrence pattern to add one of the following patterns:
    • Minutes
    • Hourly
    • Daily
    • Weekly
    • Monthly
  3. Click ADD.


Now the configuration is saved and displayed on the configurations page after you save it.
Note: From the same page, you may Edit and Remove the created configuration.
12. Under the ADVANCED SETTINGS, Select the Bypass Resource Reconciliation option, if you wish to bypass resource reconciliation when encountering the same resources discovered by multiple applications.
Note: If two different applications provide identical discovery attributes, two separate resources will be generated with those respective attributes from the individual discoveries.
13. Click NEXT.
14. (Optional) Click +ADD to create a new collector. You can either use the pre-populated name or give the name to your collector.
15. Select an existing registered profile.


  1. Click FINISH.
    The integration is installed and displayed on the INSTALLED INTEGRATION page. Use the search field to find the installed integration.

Modify the Configuration

Click here to Modify the Configuration

Discover Resources in Cisco Firepower Threat Defense Integrations

Click here to View the Cisco Firepower Threat Defense Details

To discover resources for Cisco Firepower Threat Defense:

The Cisco Firepower Threat Defense application integration is displayed in the below navigation:

  • FMC: Infrastructure > Resources > Server.



  • FTD: Infrastructure > Resources > Network Device > Firewall.