What Changed
Updated all KQL queries in the Cisco Firepower workbook to filter DeviceProduct by 'FTD' instead of 'Firepower'.
Security Impact (Visibility and Fidelity)
The Cisco Firepower workbook was completely non-functional due to incorrect DeviceProduct filtering. The workbook queries filtered for DeviceProduct =~ 'Firepower', but the actual parser stores this field as 'FTD'. This mismatch caused all dashboard charts and visualizations to return zero results despite active Cisco FTD data ingestion.
SOC analysts using this workbook for Cisco FTD network security monitoring had no functional dashboards for threat analysis, protocol distribution, device action tracking, or anomaly detection. This represents a visualization blind spot that prevented effective analysis of blocked connections, threat patterns, and network activity trends from Cisco Firepower Threat Defense appliances.
Affected Files
Workbooks/CiscoFirepower.json
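
A check that would catch this class of mismatch before a workbook ships, as an added example (not part of this change or of the project's code): it walks a workbook JSON for every query string and flags DeviceProduct filters whose literal can never match a value the parser emits. The sample workbook, its CommonSecurityLog queries and the function names are constructed for illustration; 'FTD' is the parser value stated above.

```python
import json
import re

# Values the parser emits for DeviceProduct; 'FTD' is the value stated on this page.
PARSER_DEVICE_PRODUCTS = {"FTD"}

# Matches DeviceProduct == 'X' and DeviceProduct =~ 'X' (straight or typographic quotes).
FILTER_RE = re.compile(r"DeviceProduct\s*(==|=~)\s*['\"‘’“”]([^'\"‘’“”]+)['\"‘’“”]")


def iter_queries(node, path="$"):
    """Yield (json_path, query_text) for every 'query' string, including nested groups."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "query" and isinstance(value, str):
                yield f"{path}.query", value
            else:
                yield from iter_queries(value, f"{path}.{key}")
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from iter_queries(value, f"{path}[{i}]")


def find_mismatched_filters(workbook_json, allowed=PARSER_DEVICE_PRODUCTS):
    """Return (json_path, operator, literal) for filters that would return zero rows."""
    allowed_ci = {v.lower() for v in allowed}
    findings = []
    for path, query in iter_queries(json.loads(workbook_json)):
        for op, literal in FILTER_RE.findall(query):
            # In KQL '==' is case-sensitive and '=~' is case-insensitive.
            ok = literal in allowed if op == "==" else literal.lower() in allowed_ci
            if not ok:
                findings.append((path, op, literal))
    return findings


# Constructed sample workbook (not the real CiscoFirepower.json):
# a stale filter, a working filter, and a case-sensitive filter inside a group.
SAMPLE_WORKBOOK = json.dumps({"version": "Notebook/1.0", "items": [
    {"type": 3, "content": {"query": "CommonSecurityLog | where DeviceProduct =~ 'Firepower' | summarize count() by DeviceAction"}},
    {"type": 3, "content": {"query": "CommonSecurityLog | where DeviceProduct =~ 'ftd' | summarize count() by Protocol"}},
    {"type": 12, "content": {"items": [
        {"type": 3, "content": {"query": "CommonSecurityLog | where DeviceProduct == 'ftd' | count"}}]}},
]})

if __name__ == "__main__":
    for path, op, literal in find_mismatched_filters(SAMPLE_WORKBOOK):
        print(f"{path}: DeviceProduct {op} '{literal}' matches no parser value")
```

Run against the real workbook file in CI, a non-empty result means a dashboard tile is filtering on a value the parser never produces.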