Solved: Filter IP Range for Multi-Tenant

jaxjohnny2000 · ‎04-18-2019

We have an IDS which serves multiple customers. How can I use eStreamer to pull data from the IPS, but only bring back certain IP ranges. We do not want to mix customer data.

douglashurd · ‎04-18-2019

eStreamer doesn't have the smarts i the server side (the FMC) of the API to filter event data. The FMC does support multiple domains so if you have multiple IDS devices you could place them in different domains and use separate estreamer clients (like encore) to collect each customers data.

Other solutions would involve filtering of data on the client side but you'd still be collecting all events for which the policy is set to generate events.

View solution in original post

douglashurd · ‎04-18-2019

eStreamer doesn't have the smarts i the server side (the FMC) of the API to filter event data. The FMC does support multiple domains so if you have multiple IDS devices you could place them in different domains and use separate estreamer clients (like encore) to collect each customers data.

Other solutions would involve filtering of data on the client side but you'd still be collecting all events for which the policy is set to generate events.

View solution in original post

Filter IP Range for Multi-Tenant

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too! Learn More or Register Now >

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Learn More or Register Now >