Cisco FirePower eStreamer

[Mike Riforgiate]

On the Firepower Management Console

• Log in and navigate to System -> Integrations -> eStreamer
• Click Create Client
• Enter the IP address of the WitFoo Precinct Streamer node or All-in-One Appliance
• Optional: Set a password for the certificate
• Save the certificate on your local machine as estreamer.pkcs12

In the WitFoo Precinct web interface

• Navigate to Admin -> Settings -> Cisco Firepower eStreamer
• Input the server, port and password (if used)
• Hit save

SSH or Console into the WitFoo Precinct Processing node or All-in-One Appliance

• Run sudo ./stop
• Verify /data/ie exists and has 755 permissions with root as owner and group. If not, run sudo bash -c ‘mkdir -p /data/ie && chown root:root /data/ie && chmod 755 /data/ie’
• Run sudo rm -rf /data/ie/estreamer.pkcs12
• Run sudo rm -rf /data/ie/estreamer-server.der

Without closing the SSH/Console session, upload estreamer.pkcs12 to the WitFoo Precinct Processing node or All-in-One Appliance via SFTP (using witfooadmin credentials) to /home/witfooadmin.

SSH or Console into the WitFoo Precinct Processing node or All-in-One Appliance

• Run sudo cp /home/witfooadmin/estreamer.pkcs12 /data/ie/estreamer.pkcs12
• Run the following command replacing IPADDRESS_OF_FMC with the actual IP address of the FMC. This will download the server’s certificate for trust.

  sudo bash -c ‘echo “” | openssl s_client -connect IPADDRESS_OF_FMC:8302 -showcerts 2>/dev/null | openssl x509 -out certfile.txt && openssl x509 -in certfile.txt -outform der -out /data/ie/estreamer-server.der’

• Run ./start

In the WitFoo Precinct web interface

• At Reports -> Tool Effieciency Firepower should be displayed in less than 10 minutes.

[Steven White]

Are there updated integration instructions. The web interface and cli commands on the witfoo appliance are not correct.

[Author]

Posts