Prerequisites
- OpsRamp Classic Gateway 14.0.0 and above.
- OpsRamp NextGen Gateway 14.0.0 and above.
Note: OpsRamp recommends using the latest Gateway version for full coverage of recent bug fixes, enhancements, etc.
Configure Cisco Firepower Threat Defense Integration
Click here to Configure and Install the Cisco Firepower Threat Defense integration
To select your client, navigate to All Clients, and click the Client/Partner dropdown menu.
Note: You may either type your client’s name in the search bar or select your client from the list.Navigate to Setup > Account. The Account Details screen is displayed.
Click Integrations. The Installed Integrations screen is displayed with all the installed applications.
Note: If you do not have any installed applications, you will be navigated to the Available Integrations and Apps page with all the available applications along with the newly created application with the version.Click + ADD on the Installed Integrations page.
Note: Search for the integration either by entering the name of the integration in the search bar or by selecting the category of the integration from the All Categories dropdown list.Click ADD in the Cisco Firepower Threat Defense application application.
In the Configuration screen, click + ADD. The Add Configuration screen appears.
Enter the following BASIC INFORMATION:
| Field Name | Description | Field Type |
|---|---|---|
| Name | Enter the name for the configuration. | String |
| IpAddress/HostName | Enter the IpAddress/HostName of Cisco Firepower Threat Defense, and it is accessible from Gateway. | Integer |
| Is Secure | Select this checkbox if you want the communication between your system and the specified endpoint to be secured using protocols such as HTTPS (HTTP over SSL/TLS). Default Selection: When selected, it signifies that the connection is encrypted, providing an added layer of security to the data being transmitted. | Checkbox |
| Port | Enter the port number to communicate with OpsRamp's endpoints. It should be accessible from Gateway. Note: By default 443 is added. | Integer |
| Managed By | Select Managed By from the drop-down list. Note: As of now the application only supports discovery and monitoring for FTDs managed by:
| Dropdown |
| Credentials | Select the Credential from the drop-down list. (Optional): Click + Add to create a credential. The ADD CREDENTIAL window is displayed. Enter the following information.
| Dropdown |
| App Failure Notifications | When selected, you will be notified in case of an application failure such as Connectivity Exception, Authentication Exception. | Checkbox |
| Alert Configuration | Select this checkbox if you want to enable integrating third party alerts into OpsRamp using further configurations. | Checkbox |
| Alert Severity | Indicates the severity level assigned to alerts generated by the integration. By default, possible values of Alert Severity filter configuration property are "RED","YELLOW" | String |
| Alert Severity Mapping | Indicates correlation between alerts generated by the integrated system and OpsRamp's predefined alert classifications. Possible values of Alert Severity Mapping filter configuration property are "RED":"Critical","YELLOW":"Warning". | String |
- CUSTOM ATTRIBUTES: Custom attributes are the user-defined data fields or properties that can be added to the preexisting attributes to configure the integration.
| Field Name | Description | Field Type |
|---|---|---|
| Custom Attribute | Select the custom attribute from the dropdown. You can add attributes by clicking the Add icon (+). | Dropdown |
| Value | Select the value from the dropdown. | Dropdown |
Note: The custom attribute that you add here will be assigned to all the resources that are created by the integration. You can add a maximum of five custom attributes (key and value pair).
- In the RESOURCE TYPE section, select:
- ALL: All the existing and future resources will be discovered.
- SELECT: You can select one or multiple resources to be discovered.
- In the DISCOVERY SCHEDULE section, select recurrence pattern to add one of the following patterns:
- Minutes
- Hourly
- Daily
- Weekly
- Monthly
- Click ADD.
Now the configuration is saved and displayed on the configurations page after you save it.Note: From the same page, you may Edit and Remove the created configuration.
12. Under the ADVANCED SETTINGS, Select the Bypass Resource Reconciliation option, if you wish to bypass resource reconciliation when encountering the same resources discovered by multiple applications.
Note: If two different applications provide identical discovery attributes, two separate resources will be generated with those respective attributes from the individual discoveries.
13. Click NEXT.
14. (Optional) Click +ADD to create a new collector. You can either use the pre-populated name or give the name to your collector.
15. Select an existing registered profile.
- Click FINISH.
The integration is installed and displayed on the INSTALLED INTEGRATION page. Use the search field to find the installed integration.
Modify the Configuration
Click here to Modify the Configuration
See Modify an Installed Integration or Application article.
Note: Select the Cisco Firepower Threat Defense application.
Discover Resources in Cisco Firepower Threat Defense Integrations
Click here to View the Cisco Firepower Threat Defense Details
To discover resources for Cisco Firepower Threat Defense:
The Cisco Firepower Threat Defense application integration is displayed in the below navigation:
- FMC: Infrastructure > Resources > Server.
- FTD: Infrastructure > Resources > Network Device > Firewall.
