
Cisco ASA Firewall

Cisco ASA Logging and Threat Detection Integration

Blumira’s modern cloud SIEM platform integrates with the Cisco ASA firewall to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.

When configured, the Blumira integration with the Cisco ASA firewall will stream security event logs to the Blumira service for threat detection and actionable response.

When Blumira’s dynamic blocklist capabilities are configured with the Cisco ASA, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected, and provide blocking based on Blumira’s community of customers that have detected new threats, all through automation without requiring any human interaction.

Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.

Required Blumira Module: Logger

Use the Command Line

Please log in to the Cisco ASA firewall using the command-line interface. Start by entering the commands below.

logging enable
logging host <interface_name> <sensor_ip> udp
logging permit-hostdown
logging timestamp
logging device-id hostname

The <interface_name> argument specifies the interface through which the ASA reaches the Blumira sensor. The <sensor_ip> argument specifies the IP address of the Blumira sensor.

It’s also important to note that your ACL definitions must have the log keyword associated with them, or traffic that matches them will not be logged. See https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.html.
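To check a saved configuration against the steps above, the following Python script reports which of the five logging commands are missing and which extended ACL entries will not log. It is an added example, not Blumira or Cisco code. The sample configuration, hostname and IP addresses are constructed, and the function name audit_asa_logging is hypothetical.

```python
import re

# Constructed sample: saved ASA configuration text (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-fw01
logging enable
logging timestamp
logging host inside 10.0.0.50
logging permit-hostdown
access-list OUTSIDE_IN remark public web server
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443 log
access-list OUTSIDE_IN extended deny ip any any
access-list INSIDE_OUT extended permit ip any any log disable
"""

def audit_asa_logging(config_text, sensor_ip):
    """Return (missing_logging_commands, extended_acl_entries_that_will_not_log)."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    # One pattern per command from the steps above. The transport suffix on
    # "logging host" is not matched, because how a saved configuration
    # renders it is not something this page states.
    required = {
        "logging enable": r"logging enable",
        "logging host <interface_name> <sensor_ip> udp":
            r"logging host \S+ " + re.escape(sensor_ip) + r"(\s.*)?",
        "logging permit-hostdown": r"logging permit-hostdown",
        "logging timestamp": r"logging timestamp(\s.*)?",
        "logging device-id hostname": r"logging device-id hostname",
    }
    missing = [cmd for cmd, pat in required.items()
               if not any(re.fullmatch(pat, ln) for ln in lines)]

    unlogged = []
    for ln in lines:
        tok = ln.split()
        # Only extended ACL entries are checked; remark lines carry no rule.
        if tok[:1] != ["access-list"] or "extended" not in tok[2:3]:
            continue
        rule = tok[3:]
        # No "log" keyword, or "log disable", means matches are not logged.
        if "log" not in rule or rule[rule.index("log") + 1:][:1] == ["disable"]:
            unlogged.append(ln)
    return missing, unlogged

if __name__ == "__main__":
    missing, unlogged = audit_asa_logging(SAMPLE_CONFIG, "10.0.0.50")
    print("missing logging commands:", missing)
    print("ACL entries without logging:", unlogged)
```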

This document provides information on how to configure syslog on the Cisco Adaptive Security Appliance (ASA) by using the Adaptive Security Device Manager (ASDM) GUI.