Supports direct collection AMP for Endpoints event data directly from the AMP cloud. Event data is fully contextualized with all available end point host attributes. Ideal for AMP users that do not have a Firepower Management Center.
The Firepower System® database access feature allows you to query intrusion, discovery, user activity, correlation, connection, vulnerability, and application and URL statistics database tables on a Cisco Firepower Management Center, using a third-party client that supports JDBC SSL connections.
High performance client server architecture for delivering highly detailed security event data and connection logs available to SIEMs and correlation and forensics including SIEMs, visualization applications and more.
REST API for accessing Next Generation Firewall policy and object information. The API also supports the collection and automatic configuration of certain IPS policy objects including policy names and subnet configuration information.
Leveraging additional context in Firepower to improve policy, detection and analytics. Allows manual or automated importation of third party host and vulnerability information into the Firepower Management Center host map.
Firepower’s programmatic response capability supports messaging options and code execution upon the detection simple and complex event conditions.