Industry
Compliance
Use Cases
Cloud Security
Threat Detection
Threat Response
Playbooks
Virtual Honeypots
Security Reports
Back to All Integrations
Blumira’s modern cloud SIEM platform integrates with Cisco ASA firewall to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.
When configured, the Blumira integration with Cisco ASA firewall will stream security event logs to the Blumira service for threat detection and actionable response.
When Blumira’s dynamic blocklist capabilities are configured with the Cisco ASA, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected and provide blocking based on Blumira’s community of customers that have detected new threats. All through automation without requiring any human interaction.
Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.
Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.
Required Blumira Module: Logger
Please log into the Cisco ASA firewall using the command-line interface. Start by entering the command below.
logging enable logging host <interface_name> <sensor_ip> udp logging permit-hostdown logging timestamp logging device-id hostname no logging emblem Tip: (If logging is enabled and you do not see any traffic check the logging buffered setting. It may need to be adjusted to "logging buffered informational".) Note: Emblem log format should be disabled.
The <interface_name> argument specifies the interface through which you access the Blumira sensor. The sensor_ip argument specifies the IP address of the Blumira sensor.
It’s also important to note that your ACL definitions must have a log tag associated with them or they will not log out traffic matches associated with them – https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.html.
This document provides information on how to configure syslog on the Cisco Adaptive Security Appliance (ASA) by using the Adaptive Security Device Manager (ASDM) GUI.
If you are still not receiving logs from the Cisco ASA, Please ensure that Logging Filters for Syslog Server are configured to send “Severity: Informational” and that Emblem formatting is disabled.
