Impelix IMPACT Integration
with Cisco Firepower
The Impelix IMPACT platform ingests telemetry from your all your security products as well as third-party feeds (threat intelligence, cybersecurity risk, business resilience intelligence, etc.) and delivers event correlation, security control efficacy, and compliance monitoring.
We believe that the more data ingested into IMPACT, the more context you will have regarding security incidents, which will allow effective and efficient incident response and compliance management. Therefore, we encourage and facilitate connecting vendor products telemetry with Impelix IMPACT platform.
Cisco Firepower
On the Firepower Management Console
- Log in and navigate to System > Integrations > eStreamer
- Click Create Client
- Enter the IP address of the Impelix IMPACT server
- Set a password for the certificate
- Save the certificate on your local machine as estreamer.pkcs12
In the Impelix IMPACT web interface
- Navigate to Admin > Settings > Cisco Firepower eStreamer
- Input the server, port and password
- Hit save
SSH or Console into the Impelix IMPACT server
- Run sudo ./stop
- Verify /data/ie exists and has 755 permissions with root as owner and group. If not, run sudo bash -c 'mkdir -p /data/streamer && chown root:root /data/streamer && chmod 777 /data/streamer'
- Run sudo rm -rf /data/streamer/estreamer.pkcs12
- Run sudo rm -rf /data/streamer/estreamer-server.der
Without closing the SSH/Console session, upload estreamer.pkcs12 to the Impelix IMPACT Processing node or All-in-One Appliance via SFTP (using impactadmin credentials) to /home/impactadmin.
SSH or Console into the Impelix IMPACT Processing node or All-in-One Appliance
- Run sudo cp /home/impactadmin/estreamer.pkcs12 /data/streamer/estreamer.pkcs12
- Run the following command replacing IPADDRESS_OF_FMC with the actual IP address of the FMC. This will download the server’s certificate for trust. sudo bash -c 'echo "" | openssl s_client -connect IPADDRESS_OF_FMC:8302 -showcerts 2>/dev/null | openssl x509 -out certfile.txt && openssl x509 -in certfile.txt -outform der -out /data/streamer/estreamer-server.der'
- Run ./start
In the Impelix IMPACT web interface
- At Reports > Tool Efficiency Firepower should be displayed in less than 10 minutes.
Please contact Impelix support for additional support for this integration, if needed.