Showing posts from 2020

QRadar eStreamer Fields

The following table is intended to show the fields that can be parsed when sending Firepower eStreamer connection events to QRadar. For more information on how to configure Cisco Firepower eStreamer and QRadar, please refer to the vendor documentation.

Note: The following fields were taken from RAW output before being compiled. I have given brief descriptions next to the most common fields as an example.

| Field | Description |
| --- | --- |
| flowStatistics.initiatorIPAddress | Flow initiator IP |
| flowStatistics.responderIPAddress | Flow responder IP |
| flowStatistics.originalClientIPAddress | |
| flowStatistics.dnsTTL | |
| flowStatistics.managedDevice.managedDeviceId | Provides the FTD's device ID |
| flowStatistics.managedDevice.name | Provides the FTD's device hostname |