Cisco ASA Firewall

Version: Cisco ASA Firewall 5500 Series and later.

Cisco Adaptive Security Appliance (ASA) Software is the core operating system for the Cisco ASA Family. It delivers enterprise-class firewall capabilities for ASA devices in an array of form factors – standalone appliances, blades, and virtual appliances – for any distributed network environment.

Netsurion Open XDR acts as the Syslog server for Cisco ASA: Cisco ASA sends Syslog messages via UDP to the Appliance Syslog Listener. The configuration procedures in this document set up Cisco ASA appliances to send Syslog messages to the Cisco Adaptive Security Device Manager (ASDM). Syslog messages are then forwarded from ASDM to Netsurion Open XDR.

Netsurion Data Source Integration for Cisco Adaptive Security Appliance (ASA) allows you to monitor the following:

  • Operations – Syslog messages for different services, account operations (addition, deletion, and modification of users and groups), and system shutdown/restart.
  • Security – Suspicious network activities and any changes in privileges on user logon/authentication activities (logon, logoff).
  • Compliance – Changes in policy configuration (addition and deletion).

Once logs are received by Netsurion Open XDR, Flex reports and alerts can be configured in Netsurion Open XDR.

To take advantage of this data source integration and to learn more about alerts, reports, and dashboards, contact your Technical Account Manager (TAM). If you are not currently a Netsurion customer or partner, contact us to learn more.