Cisco Firepower Out-of-the-box Response Integration
To learn more about Out-of-the-box Integrations and their benefits, please refer to this article.
In this article, you will find out how to configure Cisco Firepower to receive and block adversaries detected by Lumu and improve the detection & response capabilities of your organization.
Requirements
- Valid License for Cisco Firepower appliance
- Threat license to use Security Intelligence. To learn how to enable this optional license, refer to Cisco Firepower’s official documentation.
- Firewall Management Center (FMC) software version
  - 7.0.0 (build 94) or greater
- SSL Inspection feature enabled
  - Lumu may provide https URLs in its list, which requires the use of this feature. For more information, refer to Cisco’s official documentation.
- Lumu Defender Active subscription
Add Integration
1. Log in to your Lumu account through the Lumu Portal and navigate to the Integrations screen.
2. Locate the Firepower integration in the available apps area and add the integration using the corresponding option to view more details. Familiarize yourself with the integration details available in the app description. Activate the integration using the corresponding option.
3. To generate the integration URL, add a description and select the threat types you want to include in the list.
4. Once you create the integration, you will be provided with the Integration URL:
To integrate Lumu with Cisco Firepower you may need an MD5 URL. To obtain it, just replace the .txt extension with .md5 in the provided URL. This is an example of an MD5 URL: https://defender.lumu.io/static/<integration_uuid>.md5
You will only need this type of URL if you plan on setting the feed’s refresh rate to 30 minutes or less.
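A pre-flight check for the MD5 URL described above, added here as an example and not taken from Lumu's or Cisco's code: it derives the .md5 URL from the integration URL and confirms that a downloaded feed body matches the published checksum. The checksum file layout (a hex digest, optionally followed by a file name), the placeholder UUID and the sample feed are assumptions.

```python
import hashlib
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample data: a placeholder integration UUID and a made-up feed body.
SAMPLE_TXT_URL = "https://defender.lumu.io/static/00000000-0000-0000-0000-000000000000.txt"
SAMPLE_FEED = b"bad-domain.example\nhttps://c2.example/login\n"


def md5_url(txt_url: str) -> str:
    """Derive the MD5 URL by replacing the .txt extension with .md5."""
    parts = urlsplit(txt_url)
    if parts.scheme != "https" or not parts.path.endswith(".txt"):
        raise ValueError("expected an https integration URL ending in .txt")
    return urlunsplit(parts._replace(path=parts.path[: -len(".txt")] + ".md5"))


def parse_md5_file(text: str) -> str:
    """Extract the digest from the checksum file.

    Assumption: the file starts with a 32-hex-digit digest, optionally
    followed by a file name (md5sum layout). The page does not document it.
    """
    tokens = text.split()
    if not tokens or not re.fullmatch(r"[0-9a-fA-F]{32}", tokens[0]):
        raise ValueError("no MD5 digest found in checksum file")
    return tokens[0].lower()


def feed_matches(feed_body: bytes, md5_text: str) -> bool:
    """True when the downloaded feed body hashes to the published digest.

    MD5 is used here only for change detection; the HTTPS connection is
    what protects the feed in transit.
    """
    digest = hashlib.md5(feed_body, usedforsecurity=False).hexdigest()
    return digest == parse_md5_file(md5_text)


# Constructed stand-in for the content served at the .md5 URL.
SAMPLE_MD5_FILE = hashlib.md5(SAMPLE_FEED, usedforsecurity=False).hexdigest() + "  feed.txt\n"

if __name__ == "__main__":
    print(md5_url(SAMPLE_TXT_URL))
    print("feed matches checksum:", feed_matches(SAMPLE_FEED, SAMPLE_MD5_FILE))
    print("truncated feed matches:", feed_matches(SAMPLE_FEED[:-5], SAMPLE_MD5_FILE))
```

A mismatch between the two downloads usually means the feed changed between requests or one response was truncated; fetch both again before configuring the feed in the FMC.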
The recommended update frequency for this type of integration is 60 minutes. This interval should be evaluated keeping in mind your environment’s particular needs. If after this evaluation you decide to set the refresh rate to a value equal to or lower than 30 minutes, the FMC will request an MD5 checksum file. You can find instructions to generate this URL at the end of the previous section.
If you delete your integration from Lumu, the integration URL feed will not be valid any longer; however, the FMC will still block the adversaries obtained from the last available version of the feed. If you wish to unblock the adversaries from this previous version, you will need to delete the created URL feed object.
Additional Procedure: Integration without Firepower Management Center
If by any chance you don’t have Firepower Management Center available to complete the Cisco Firepower OOTB response integration, it is possible to carry out this procedure using a tool provided by Lumu. In the links below, you can find different repositories where the required code and instructions are provided. You can choose the one that best fits your needs and run the code using the tool that you prefer.
- Source Code repository
- Dockerhub repository