Firewall Logs Integration, Expanded Response Management, and Other Enhancements

Secure Network Analytics (SNA) Release 7.5.0 is generally available as of January 22, 2024. All current customers are eligible to upgrade and should look at the release notes to better understand the upgrade process and any additional considerations.

SNA is Cisco’s Network Detection and Response solution. SNA provides enterprise-wide network visibility to detect and respond to threats in real time. The solution continuously analyzes network activity to create a baseline of normal network behavior. It then uses this baseline, along with non–signature-based advanced analytics that include behavioral modeling and machine learning algorithms, as well as global threat intelligence, to identify anomalies and detect and respond to threats in real time. Secure Network Analytics can quickly and with high confidence detect threats such as Command-and-Control (C&C) attacks, ransomware, Distributed-Denial-of-Service (DDoS) attacks, illicit cryptomining, unknown malware, and insider threats. With an agentless solution, you get comprehensive threat monitoring across all network traffic, even if it’s encrypted.

This release delivers the innovation and usability that customers expect from the platform. By directly integrating firewall logs, improving response management, and updating the platform to meet the latest certification mandates, release 7.5.0 combines essential platform development with new features and enhancements.

Firewall Logs Generate Events in Secure Network Analytics

Given their location at the edge of the network, firewalls see a vast amount of traffic and behaviors that may be indicative of an attack. In this release, Secure Network Analytics can take logs directly from Cisco Firewall Management Center (FMC), Firewall Threat Defense (FTD) and ASA. These logs are converted into a format that looks like NetFlow but does not count against your flows per second (FPS) license. Enabling this configuration gives further insight into your traffic patterns, risks, and the scope of an attack.

New Response Management Actions

Automated responses improve the workflow for Security Operations Center (SOC) analysts and are a core component of our Network Detection and Response solution. By providing flexibility for multiple response actions, SOC analysts can ensure proper action is taken based on a specific alert type. This release adds Central Analytics detections to Response Management workflows, including the ability to deliver email, syslog, threat response, or webhook.

Data Enrichment from Secure Network Analytics to Cisco XDR

With the 7.5.0 release, security events contribute directly to XDR investigations. Also, XDR response actions can now be applied to alerts.

Other Enhancements

Additionally, this release provides improvements to the overall security and usability of the platform. Secure Network Analytics can achieve the certifications required by customers, including DODIN-APL, FIPS 140-3 Level 1, Common Criteria, USGv6, and the IPv6 Ready Logo. Some of these enhancements include:

  • TLS 1.3: TLS 1.3 is now supported, and TLS 1.2 is still supported. These protocols should be used for inter-appliance and external TLS connections, and can be configured in SystemConfig to be TLS 1.3 only or both TLS 1.2 and 1.3.
  • Root access restriction: Root access has been removed. TAC will have access for troubleshooting purposes using the Cisco Consent Token mechanism via SystemConfig.
  • New SystemConfig workflows: New workflows have been added that the non-root sysadmin user can run, including Diag Packs, License Reservation, Data Store operations, and more.
  • MongoDB upgrade: Moved to a version that uses an already available package rather than a custom-built version.

In addition to these enhancements, we have improved certificate rotation and management, IPv6 support, and support for M4, M5, and M6 appliances.

By simplifying workflows, increasing compliance, and expanding detections, Secure Network Analytics Release 7.5.0 continues to prove its value as a central component of your SOC. We encourage you to review the release notes and speak with your local Cisco provider to begin planning your upgrade.

Authors

Rob Ayoub

Sr. Product Marketing Manager

Network Detection and Response