Cisco ASA Firewall

Once logs are received in to EventTracker, Flex reports and Alerts can be configured into EventTracker.

The following Knowledge Packs are available in EventTracker v7.x and later to support Cisco ASA Firewall monitoring:

Alerts

Cisco ASA: Access denied - This alert is generated when access denied event occurs.

Reports:-

Cisco ASA: User account locked out - This flex report provides information related to user account locked out. It gives the User account name and Reason why is it locked out.
Cisco ASA: User account unlocked - This flex report provides information related to user account unlocked. It gives the User account name and who has unlocked the user account.

Alerts

Cisco ASA: Authentication failed - This alert is generated when authentication failed event occurs.
Cisco ASA: Failover messages - This alert is generated when failover event occurs.

Reports:-

Cisco ASA: User authentication failed - This flex report provides information related to user authentication failed. It gives the information about authentication failed for Username, Source IP, Source port no. and Target IP, Target port no.
Cisco ASA: User authentication success - This flex report provides information related to user authentication success. It gives the information about authentication success for Username, Source IP, Source port no. and Target IP, Target port no.
Cisco ASA: User login failed - This flex report provides information related to user login failed. It gives information which User, from Source IP and port no. login failed and what was the logon type.
Cisco ASA: User password changed - This flex report provides information related to user password changed. It gives information about for which user password has been changed.
Cisco ASA: Connection denied - This flex report provides information related to traffic denied by firewall. it gives information about Traffic direction, Source and Destination address and port, Protocol details.

Alerts

Cisco ASA: IDS intrusion detection - This alert is generated when IDS intrusion detection event occurs.
Cisco ASA: Security incidents detected - This alert is generated when security incidents detected event occurs.

Reports:-

Cisco ASA: Privilege level changed - This flex report provides information related to user privilege level changed. It shows from which level to which level user privlilege changed by whom.
Cisco ASA: Attack detection - This flex report provides information related to failure attacks that has occurred from which source address to which targeted address.
Cisco ASA: Security incident - This flex report provides information related to security incident detection.
Cisco ASA: Traffic details - This flex report provides information related to access and denied traffic. it gives information about Traffic direction, Source and Destination address and port, Bytes transfer, Duration for connection and its status.

The configuration details in this guide are consistent with EventTracker Enterprise version 7.X and later, Cisco ASA Firewall 5500 Series and later.

To configure Cisco ASA to send logs to EventTracker, refer to the How-to Guide.

For more information please refer to the Integration guide