For those with Cisco Firepower firewalls, how are you parsing the data? We are receiving the logs via Syslog, but there are only 10 syslog parsers built in to the ESM (all of which are basically useless). We are considering switching to the eStreamer, but we have heard that IPS events don't come through.
We have been pretty disappointed with the Firepower support so far. There were 1000+ parsers for ASA events, and there appears to be next to no support for Cisco's new(ish) flagship firewalls.