When configured, the Blumira integration with the Cisco ASA firewall streams security event logs to the Blumira service for threat detection and actionable response.
When Blumira’s dynamic blocklist capabilities are configured with the Cisco ASA, Blumira can block known threats automatically, add new block rules when threats are detected, and block based on new threats detected across Blumira’s community of customers, all through automation without requiring any human interaction.
Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.
Required Blumira Module: Logger
Log in to the Cisco ASA firewall using the command-line interface, then enter the commands below.
logging enable
logging host <interface_name> <sensor_ip> udp
logging permit-hostdown
logging timestamp
logging device-id hostname
The <interface_name> argument specifies the interface through which the ASA reaches the Blumira sensor. The <sensor_ip> argument specifies the IP address of the Blumira sensor.
Note that each ACL definition must include the log option; without it, traffic that matches the ACL is not logged. See https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.html.
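To confirm both requirements above on a saved configuration, the following Python script checks pasted running-config text for the logging commands listed earlier and flags ACL entries that lack the log option. It is an added example, not Blumira or Cisco code; the sample configuration, ACL names and addresses are constructed, and the function name audit is hypothetical.

```python
import re

# Commands from the steps above; interface name and sensor IP vary per site.
# The transport token on "logging host" is not checked.
REQUIRED = {
    "logging enable": r"^logging enable$",
    "logging host <interface_name> <sensor_ip>": r"^logging host \S+ \S+",
    "logging permit-hostdown": r"^logging permit-hostdown$",
    "logging timestamp": r"^logging timestamp\b",
    "logging device-id hostname": r"^logging device-id hostname$",
}

# Constructed sample input (documentation address ranges), not a real device.
SAMPLE = """
logging enable
logging timestamp
logging host inside 192.0.2.10
access-list OUTSIDE_IN remark inbound web
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.5 eq 443 log
access-list OUTSIDE_IN extended deny ip any any
access-list DMZ_OUT extended permit udp any any eq 53 log disable
"""

def audit(config_text):
    """Return (missing logging commands, ACL entries that will not log)."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    missing = [name for name, pat in REQUIRED.items()
               if not any(re.search(pat, ln) for ln in lines)]
    unlogged = []
    for ln in lines:
        tokens = ln.split()
        if tokens[0] != "access-list" or len(tokens) < 4:
            continue
        if tokens[2] == "remark":  # remarks are comments, not match rules
            continue
        if "permit" not in tokens and "deny" not in tokens:
            continue
        # "log disable" switches logging off for the entry, so flag it too.
        after_log = tokens[tokens.index("log") + 1:] if "log" in tokens else None
        if after_log is None or after_log[:1] == ["disable"]:
            unlogged.append(ln)
    return missing, unlogged

if __name__ == "__main__":
    missing, unlogged = audit(SAMPLE)
    print("Missing logging commands:", missing)
    print("ACL entries without logging:", unlogged)
```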
This document provides information on how to configure syslog on the Cisco Adaptive Security Appliance (ASA) by using the Adaptive Security Device Manager (ASDM) GUI.