Accenture MDR Quick Start Guide for Cisco® Cloud Web Security (CWS)
This quick start guide will help Accenture MDR customers configure Cisco® Cloud Web Security (CWS) to allow log collection from the Log Collection Platform (LCP).
The document includes the following topics:
Supported Versions
A list of supported versions is available in the Accenture MDR Supported Products List document (Accenture_MDR_Supported_Products_List.xlsx) which can be found in Accenture MDR Portal.
Port Requirements
Table 1-1: Port requirements for LCP communication.
Source | Destination | Port | Description |
LCP | Endpoint URL ( Default value: https://vault.scansafe.com) | 443 (TCP) | Default Port |
Configuring Cisco CWS
In order to facilitate log extraction using the S3Compatible sensor, the access parameters need to be specified in the collector sensor, which include BucketName, AccessKey, and SecretKey.
The log extraction service must be enabled and provisioned for your company.
To enable the log extraction service, follow the steps below.
Log into the Admin portal (https://scancenter.scansafe.com/portal/admin/login.jsp) using super user credentials provided by Cisco.
Click the Admin tab to display the administration menus.
In the Your Account menu, click Log Extraction to display the Log Extraction page.
In the Bucket area, a dedicated bucket with a unique name based on your Company ID is created to hold your private data.
In the Connection Details area, click the Issue Key button.
In the Warning dialog box, click the Issue & Download button.
Save the resulting CSV file named keypair.csv in your downloads folder. The AccessKey will be updated to show the generated key ID, but the SecretKey is not displayed anywhere in ScanCenter for the purpose of security. To maintain privacy, Cisco Customer Support will not ask for the SecretKey.
Open the saved CSV file named keypair.csv to view your AccessKey and SecretKey. The AccessKey is a 20-character string, while the SecretKey is a 40-character string.
For more information on configuring Cisco CWS, refer to Cisco ScanCenter Administrator Guide.
Note: Log Files that are available on cloud for extraction are in the *.txt.gz format.
LCP Configuration Parameters
Table 1-2: The Cisco CWS event collector (API – 3778) properties to be configured by MDR are shown in the table.
Property | Description |
Endpoint | Endpoint URL mentioned in the Pre-Installation Questionnaire (PIQ). Note: URL of the cloud storage from where logs should be fetched. The default value is: https://vault.scansafe.com |
BucketName | BucketName mentioned in the PIQ. Note: Name of the bucket in which log files are stored in the cloud, which is customer specific. This can be obtained from the Admin console of Cisco CWS. Example: BucketName <10 digit bucketname e.g. 1234567890> |
AccessKey | AccessKey mentioned in the PIQ. Note: Access Key generated by the super user. Example: AccessKey <20-Character String e.g. QWERTYU2QAZWS3XVM7XYZ> |
SecretKey | SecretKey mentioned in the PIQ. Note: Secret Key generated by the super user. Example: SecretKey <40-character string e.g.qWeRtYu17AsdfGHjkL12zXcVbNmP48KYQCA5VM7XLD==> |
Note: The AccessKey and SecretKey can only be generated by the super user, this is a requirement from the product vendor.
Legal Notice
Copyright © 2021 Accenture. All rights reserved.
Accenture, the Accenture Logo, and DeepSight Intelligence are trademarks or registered trademarks of Accenture in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Accenture and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. ACCENTURE SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq. "Commercial Computer Software and Commercial Computer Software Documentation," as applicable, and any successor regulations, whether delivered by Accenture as on premises or hosted services. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.