Skip to content

Cisco Firepower eStreamer

Cisco Event Streamer (also known as eStreamer) allows streaming of FireSIGHT System intrusion, discovery, and connection data from a Cisco Defense Center or managed device (also referred to as the eStreamer server) to external client applications such as CYCLOPS.

Data Types

  • SOURCEFIRE_IDS

Configuration

Configure the eStreamer service on the Cisco Firepower device to send logs to the CYCLOPS forwarder.

See Cisco instructions for version 6.2 here.

See Cisco instructions for version 5.4 here.

Please note: as part of the eStreamer setup, a certificate file must be generated and provided to Cyderes. Please use a password for the certificate.

See CYCLOPS instructions here.

Cyderes will provide a port number and deploy an eStreamer client application to the CYCLOPS instance.

Gather Information

  • Certificate generated during the eStreamer service setup
  • Password associated certificate
  • IP Address of the eStreamer server