CISCO Security Cloud App

Specifications

  • Product Name: Cisco Security Cloud App
  • Manufacturer: Cisco
  • Integration: Works with various Cisco products

Product Usage Instructions

Set Up an Application
Application Setup is the first user interface of the Security Cloud App. Follow these steps to configure an application:

  1. Go to the Application Setup > Cisco Products page.
  2. Select the desired Cisco application and click Configure Application.
  3. Complete the configuration form, which includes the App description, Documentation links, and Configuration.
  4. Click Save. Make sure all fields are filled in correctly so that the Save button is enabled.

Configure Cisco Products
To configure Cisco products within the Security Cloud App, follow these steps:

  1. On the Cisco Products page, select the specific Cisco product you want to configure.
  2. Click Configure Application for that product.
  3. Fill in the required fields, including Input Name, Interval, Index, and Source Type.
  4. Save the configuration. Correct any errors if the Save button is disabled.

Cisco Duo Configuration
To configure Cisco Duo within the Security Cloud App, follow these steps:

  1. On the Duo Configuration page, enter the Input Name.
  2. Provide the Admin API credentials in the Integration key, Secret key, and API hostname fields.
  3. If you do not have these credentials, register a new account to obtain them.

Frequently Asked Questions (FAQ)

  • Q: What are the common fields required for configuring applications?
    A: The common fields include Input Name, Interval, Index, and Source Type.
  • Q: How do I handle authorization with the Duo API?
    A: Authorization with the Duo API is handled using the Duo SDK for Python. You need to provide the API Hostname obtained from the Duo Admin Panel along with other optional fields as required.

This chapter guides you through the process of adding and configuring inputs for various applications (Cisco products) within the Security Cloud App. Inputs are crucial because they define the data sources that the Security Cloud App uses for monitoring. Proper configuration of inputs ensures that your security coverage is comprehensive and that all data is properly displayed for future tracking and monitoring.

Set Up an Application

Application Setup is the first user interface of the Security Cloud App. The Application Setup page consists of two sections:

Figure 1: My Apps

  • The My Apps section on the Application Setup page displays all of the user's configurations.
  • Click a product hyperlink to go to the product dashboard.
  • To edit inputs, click Edit Configuration under the action menu.
  • To delete inputs, click Delete under the action menu.

Figure 2: Cisco Products

  • The Cisco Products page displays all available Cisco products that are integrated with the Security Cloud App.
  • You can configure each Cisco product individually in this section.

Configure an Application

  • Some configuration fields are common across all Cisco products and are described in this section.
  • Configuration fields that are specific to a product are described in the following sections.

Table 1: Common fields

Field | Description
Input Name | (Mandatory) A unique name for the application's inputs.
Interval | (Mandatory) Time interval in seconds between API queries.
Index | (Mandatory) Destination index for the application logs. It can be changed if required. Auto-complete is provided for this field.
Source Type | (Mandatory) For most applications, it is a default value and is disabled. You can change its value in Advance Settings.

  • Step 1 In the Application Setup > Cisco Products page, navigate to the required Cisco application.
  • Step 2 Click Configure Application.
    The configuration page consists of three sections: a brief App description, Documentation with links to useful resources, and the Configuration form.
  • Step 3 Fill in the configuration form. Note the following:
    • Required fields are marked with an asterisk *.
    • There are also optional fields.
    • Follow the instructions and tips described in the specific app section of the page.
  • Step 4 Click Save.
    If there is an error or there are empty fields, the Save button is disabled. Correct the error and save the form.

Cisco Duo

Figure 3: Duo Configuration page

In addition to the mandatory fields described in the Configure an Application section, on page 2, the following credentials are required for authorization with the Duo API:

  • ikey (Integration key)
  • skey (Secret key)

Authorization is handled by the Duo SDK for Python.

Table 2: Duo configuration fields

Field | Description
API Hostname | (Mandatory) All API methods use the API hostname, https://api-XXXXXXXX.duosecurity.com. Obtain this value from the Duo Admin Panel and use it exactly as shown there.
Duo Security Logs | Optional.
Logging Level | (Optional) Logging level for messages written to the input logs in $SPLUNK_HOME/var/log/splunk/duo_splunkapp/

  • Step 1 In the Duo configuration page, enter the Input Name.
  • Step 2 Enter the Admin API credentials in the Integration key, Secret key, and API hostname fields. If you do not have these credentials, register a new account.
    • Navigate to Applications > Protect an Application > Admin API to create a new Admin API.
  • Step 3 Define the following if required:
    • Duo Security Logs
    • Logging Level
  • Step 4 Click Save.
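
A pre-save check for the Duo fields above, as an added example rather than code from the app or from Cisco: it confirms that the API hostname is an api-XXXXXXXX.duosecurity.com host over https before the ikey and skey are entered against it. The dictionary keys, the sample values, and the assumption that the host label is eight letters or digits are illustrative.

```python
import re
from urllib.parse import urlsplit

# Assumption: the host label follows the page's pattern api-XXXXXXXX (8 letters or digits).
DUO_HOST_RE = re.compile(r"api-[0-9a-z]{8}\.duosecurity\.com")
REQUIRED = ("input_name", "index", "ikey", "skey", "api_hostname")  # hypothetical keys

def normalize_duo_host(value):
    """Return the bare Duo API hostname, or raise ValueError."""
    value = value.strip()
    # Accept the value with or without the https:// prefix shown in Table 2.
    parts = urlsplit(value if "://" in value else "https://" + value)
    if parts.scheme != "https":
        raise ValueError("API hostname must use https")
    if parts.username or parts.password or parts.port:
        raise ValueError("API hostname must not carry credentials or a port")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("API hostname must not include a path or query")
    host = (parts.hostname or "").lower()
    if not DUO_HOST_RE.fullmatch(host):
        raise ValueError("not a Duo API hostname: %r" % host)
    return host

def check_duo_input(cfg):
    """Return every problem found in a Duo input configuration (empty list = OK)."""
    problems = ["%s is required" % f for f in REQUIRED if not str(cfg.get(f, "")).strip()]
    try:
        if int(cfg.get("interval", "")) <= 0:
            problems.append("interval must be a positive number of seconds")
    except (TypeError, ValueError):
        problems.append("interval must be a whole number of seconds")
    if str(cfg.get("api_hostname", "")).strip():
        try:
            normalize_duo_host(str(cfg["api_hostname"]))
        except ValueError as exc:
            problems.append(str(exc))
    return problems

# Constructed sample values; none of them is a real credential or tenant.
SAMPLE = {"input_name": "duo_prod", "interval": "120", "index": "duo_logs",
          "ikey": "CONSTRUCTED-IKEY", "skey": "CONSTRUCTED-SKEY",
          "api_hostname": "https://api-1a2b3c4d.duosecurity.com"}
LOOKALIKE = dict(SAMPLE, api_hostname="api-1a2b3c4d.duosecurity.com.example.net")

if __name__ == "__main__":
    print(check_duo_input(SAMPLE))
    print(check_duo_input(LOOKALIKE))
```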

Cisco Secure Malware Analytics

Figure 4: Secure Malware Analytics Configuration page

Note
You need an API key (api_key) for authorization with the Secure Malware Analytics (SMA) API. Pass the API key as the Bearer type in the Authorization token of the request.

Secure Malware Analytics configuration data

  1. Host: (Mandatory) Specifies the name of the SMA account.
  2. Proxy Settings: (Optional) Consists of Proxy Type, Proxy URL, Port, Username, and Password.
  3. Logging Settings: (Optional) Define the settings for logging information.

  • Step 1 In the Secure Malware Analytics configuration page, enter a name in the Input Name field.
  • Step 2 Fill in the Host and the API Key fields.
  • Step 3 Define the following if required:
    • Proxy Settings
    • Logging Settings
  • Step 4 Click Save.
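
A check that can be run over the input log files after a logging level is raised, added here as an example and not taken from the app: it flags lines where a credential named on this page (skey, api_key, client_secret, password, or a Bearer token) appears unmasked. The log line layouts and the sample lines are constructed assumptions.

```python
import re

# Credential names come from this page; the key=value and JSON layouts are assumptions.
SECRET_FIELDS = ("skey", "api_key", "client_secret", "password")
FIELD_RE = re.compile(
    r"""\b(%s)["']?\s*[:=]\s*["']?([^\s"',&}]+)""" % "|".join(SECRET_FIELDS),
    re.IGNORECASE,
)
BEARER_RE = re.compile(
    r"""\bAuthorization["']?\s*[:=]\s*["']?Bearer\s+[A-Za-z0-9._~+/=-]+""",
    re.IGNORECASE,
)
# Values that are already masked (****, xxxx, <redacted>) are not findings.
MASKED_RE = re.compile(r"[*xX#]+|<?redacted>?", re.IGNORECASE)

def find_secrets(lines):
    """Return (line_number, field) pairs; the secret value itself is never returned."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in FIELD_RE.finditer(line):
            if not MASKED_RE.fullmatch(match.group(2)):
                findings.append((number, match.group(1).lower()))
        if BEARER_RE.search(line):
            findings.append((number, "bearer_token"))
    return findings

# Constructed log lines for illustration; not output captured from the app.
SAMPLE_LOG = [
    '2024-05-01 10:00:00 INFO input=duo_prod fetched 42 events',
    '2024-05-01 10:00:01 DEBUG params ikey=CONSTRUCTED-IKEY skey=CONSTRUCTED-SKEY',
    '2024-05-01 10:00:02 DEBUG headers {"Authorization": "Bearer abc.def.ghi"}',
    '2024-05-01 10:00:03 DEBUG client_secret=******** region=us',
    '2024-05-01 10:00:04 DEBUG proxy {"username": "svc", "password": "CONSTRUCTED-PW"}',
]

if __name__ == "__main__":
    for number, field in find_secrets(SAMPLE_LOG):
        print("line %d: unmasked %s" % (number, field))
```

Any finding means the secret should be rotated and the logging level lowered again, since the log directory is usually readable by more accounts than the credential store.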

Cisco Secure Firewall Management Center

Figure 5: Secure Firewall Management Center Configuration page

  • You can import data into the Secure Firewall application using either of two streamlined processes: eStreamer and Syslog.
  • The Secure Firewall configuration page provides two tabs, each corresponding to a different data import method. You can switch between these tabs to configure the respective data inputs.

Firewall e-Streamer

The eStreamer SDK is used for communication with the Secure Firewall Management Center.

Figure 6: Secure Firewall E-Streamer tab

Table 3: Secure Firewall configuration data

Field | Description
FMC Host | (Mandatory) Specifies the name of the management center host.
Port | (Mandatory) Specifies the port for the account.
PKCS Certificate | (Mandatory) The certificate must be created on the Firewall Management Console - eStreamer Certificate Creation. The system supports only the pkcs12 file type.
Password | (Mandatory) Password for the PKCS certificate.
Event Types | (Mandatory) Choose the type of events to ingest (All, Connection, Intrusion, File, Intrusion Packet).

  • Step 1 In the E-Streamer tab of the Add Secure Firewall page, in the Input Name field, enter a name.
  • Step 2 In the PKCS Certificate field, upload a .pkcs12 file to set up the PKCS certificate.
  • Step 3 In the Password field, enter the password.
  • Step 4 Choose an event under Event Types.
  • Step 5 Define the following if required:
    • Duo Security Logs
    • Logging Level
      Note
      If you switch between the E-Streamer and Syslog tabs, only the active configuration tab is saved. Therefore, you can set only one data import method at a time.
  • Step 6 Click Save.

Firewall Syslog
In addition to the mandatory fields described in the Configure an Application section, the following configurations are required on the management center side.

Table 4: Secure Firewall Syslog configuration data

Field | Description
TCP/UDP | (Mandatory) Specifies the type of input data.
Port | (Mandatory) Specifies a unique port for the account.

  • Step 1 In the Syslog tab of the Add Secure Firewall page, set up the connection on the management center side, and in the Input Name field, enter a name.
  • Step 2 Choose TCP or UDP for the Input Type.
  • Step 3 In the Port field, enter the port number.
  • Step 4 Select a type from the Source Type drop-down list.
  • Step 5 Choose event types for the selected source type.
    Note
    If you switch between the E-Streamer and Syslog tabs, only the active configuration tab is saved. Therefore, you can set only one data import method at a time.
  • Step 6 Click Save.

Cisco Multicloud Defense

Figure 7: Secure Malware Analytics Configuration page

  • Multicloud Defense (MCD) leverages the HTTP Event Collector functionality of Splunk instead of communicating through an API.
  • Create an instance in Cisco Defense Orchestrator (CDO) by following the steps described in the Set Up Guide section of the Multicloud Defense configuration page.

Only the mandatory fields described in the Configure an Application section are required for authorization with Multicloud Defense.

  • Step 1 Set up a Multicloud Defense instance in CDO by following the Set Up Guide on the configuration page.
  • Step 2 Enter a name in the Input Name field.
  • Step 3 Click Save.

Cisco XDR

Figure 8: XDR Configuration page

The following credentials are required for authorization with the Private Intel API:

  • client_id
  • client_secret

Every input run results in a call to the GET /iroh/oauth2/token endpoint to obtain a token that is valid for 600 seconds.

Table 5: Cisco XDR configuration data

Field | Description
Region | (Mandatory) Select a region before selecting an Authentication Method.
Authentication Method | (Mandatory) Two authentication methods are available: Using Client ID and OAuth.
Import Time Range | (Mandatory) Three import options are available: Import All Incident data, Import from created date-time, and Import from defined date-time.
Promote XDR Incidents to ES Notables? | (Optional) Splunk Enterprise Security (ES) promotes Notables. If you have not enabled Enterprise Security, you can still choose to promote to notables, but events do not appear in that index or in the notable macros. After you enable Enterprise Security, events are present in the index. You can choose the type of incidents to ingest (All, Critical, Medium, Low, Info, Unknown, None).

  • Step 1 In the Cisco XDR configuration page, enter a name in the Input Name field.
  • Step 2 Select a method from the Authentication Method drop-down list.
    • Client ID:
      • Click the Go to XDR button to create a client for your account in XDR.
      • Copy and paste the Client ID.
      • Set a password (Client_secret).
    • OAuth:
      • Follow the generated link and authenticate. You need to have an XDR account.
      • If the first link with the code did not work, in the second link, copy the User code and paste it manually.
  • Step 3 Define an import time in the Import Time Range field.
  • Step 4 If required, select a value in the Promote XDR Incidents to ES Notables? field.
  • Step 5 Click Save.

Cisco Secure Email Threat Defense

Figure 9: Secure Email Threat Defense Configuration page

The following credentials are required for authorization of the Secure Email Threat Defense APIs:

  • api_key
  • client_id
  • client_secret

Table 6: Secure Email Threat Defense Configuration data

Field | Description
Region | (Mandatory) You can edit this field to change the region.
Import Time Range | (Mandatory) Three options are available: Import All message data, Import from created date-time, or Import from defined date-time.

  • Step 1 In the Secure Email Threat Defense configuration page, enter a name in the Input Name field.
  • Step 2 Enter the API Key, Client ID, and Client Secret Key.
  • Step 3 Select a region from the Region drop-down list.
  • Step 4 Set an import time under Import Time Range.
  • Step 5 Click Save.

Cisco Secure Network Analytics

Secure Network Analytics (SNA), formerly known as Stealthwatch, analyzes existing network data to help identify threats that may have found a way to bypass existing controls.

Figure 10: Secure Network Analytics Configuration page

Credentials required for authorization:

  • smc_host: (IP address or host name of the Stealthwatch Management Console)
  • tenant_id (Stealthwatch Management Console domain ID for this account)
  • username (Stealthwatch Management Console username)
  • password (Stealthwatch Management Console password for this account)

Table 7: Secure Network Analytics Configuration data

Field | Description
Proxy type | Choose a value from the drop-down list: Host, Port, Username, Password.
Interval | (Mandatory) Time interval in seconds between API queries. By default, 300 secs.
Source type | (Mandatory)
Index | (Mandatory) Specifies the destination index for SNA Security Logs. By default, state: cisco_sna.
After | (Mandatory) The initial after value is used when querying the Stealthwatch API. By default, the value is 10 minutes ago.

  • Step 1 In the Secure Network Analytics configuration page, enter a name in the Input Name field.
  • Step 2 Enter the Manager Address (IP or Host), Domain ID, Username, and Password.
  • Step 3 If required, set the following under Proxy settings:
    • Choose a proxy from the Proxy type drop-down list.
    • Enter the host, port, username, and password in the respective fields.
  • Step 4 Define the Input configurations:
    • Set a time under Interval. By default, the interval is set to 300 seconds (300 minutes).
    • You can change the Source type under Advanced Settings if required. The default value is cisco:sna.
    • Enter the destination index for the Security logs in the Index field.
  • Step 5 Click Save.
