Cisco ASA Firewall

Cloud SIEM for Cisco ASA

Blumira’s modern cloud SIEM platform integrates with Cisco ASA firewall to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.

When configured, the Blumira integration with Cisco ASA firewall will stream security event logs to the Blumira service for threat detection and actionable response.

When Blumira’s dynamic blocklist capabilities are configured with the Cisco ASA, Blumira can provide automated blocking of known threats, automatically add new block rules when threats are detected, and provide blocking based on Blumira’s community of customers that have detected new threats, all through automation without requiring any human interaction.

Learn more about enabling Blumira’s Dynamic Block Lists to block malicious source IP addresses and domains for automated threat response.

Required Blumira Module: Logger

Use the Command Line

Please log into the Cisco ASA firewall using the command-line interface. Start by entering the commands below.

logging enable
logging host <interface_name> <sensor_ip> udp
logging permit-hostdown
logging timestamp
logging device-id hostname
no logging emblem

Tip: If logging is enabled and you do not see any traffic, check the logging buffered setting. It may need to be adjusted to "logging buffered informational".

Note: Emblem log format should be disabled.

The <interface_name> argument specifies the interface through which the ASA reaches the Blumira sensor. The <sensor_ip> argument specifies the IP address of the Blumira sensor.

It’s also important to note that your ACL definitions must have the log keyword on them, or the ASA will not log the traffic matches associated with them. See https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/acl_logging.html.

This document provides information on how to configure syslog on the Cisco Adaptive Security Appliance (ASA) by using the Adaptive Security Device Manager (ASDM) GUI.

If you are still not receiving logs from the Cisco ASA, please ensure that Logging Filters for Syslog Server are configured to send “Severity: Informational” and that Emblem formatting is disabled.

[Screenshot: Cisco Logging Filter Configuration]

[Screenshot: Cisco Logging Filter Severity]
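
An added example, not part of Blumira's or Cisco's documentation: a Python check that reads a saved copy of the ASA running configuration and reports which of the settings described above are missing, including ACL entries without the log keyword. The sample configuration and the sensor address 192.0.2.10 are constructed, the name audit_asa_logging is hypothetical, and the check assumes that "logging trap" is the CLI counterpart of the Syslog Server logging filter severity.

```python
import re

# Constructed sample of saved running-config text (not from a real device).
SAMPLE_CONFIG = """\
hostname asa-edge-01
logging enable
logging timestamp
logging device-id hostname
logging buffered informational
logging trap warnings
logging host inside 192.0.2.10 format emblem
logging permit-hostdown
access-list outside_in remark web server
access-list outside_in extended permit tcp any host 198.51.100.5 eq 443 log
access-list outside_in extended deny ip any any
"""

REQUIRED = ("logging enable", "logging timestamp",
            "logging device-id hostname", "logging permit-hostdown")

def audit_asa_logging(config, sensor_ip):
    """Hypothetical helper: list what differs from the steps on this page."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in lines]
    # The sensor must be a syslog destination.
    host_re = re.compile(rf"logging host \S+ {re.escape(sensor_ip)}(\s|$)")
    hosts = [l for l in lines if host_re.match(l)]
    if not hosts:
        findings.append(f"missing: logging host <interface_name> {sensor_ip}")
    # Look for EMBLEM being switched on, globally or on the sensor's host line.
    if "logging emblem" in lines or any("format emblem" in h for h in hosts):
        findings.append("emblem format is enabled")
    # Assumption: "logging trap" sets the severity sent to syslog servers.
    trap = next((l.split()[2] for l in lines if l.startswith("logging trap ")), None)
    if trap not in ("informational", "debugging", "6", "7"):
        findings.append(f"logging trap is {trap}, need informational")
    # Every extended ACE needs the log keyword (and not "log disable").
    for l in lines:
        p = l.split()
        if l.startswith("access-list ") and len(p) > 3 and p[2] == "extended":
            if "log" not in p[3:] or "disable" in p[3:]:
                findings.append(f"ACE without log: {l}")
    return findings

if __name__ == "__main__":
    for finding in audit_asa_logging(SAMPLE_CONFIG, "192.0.2.10"):
        print(finding)
```

An empty result means the saved configuration matches the steps on this page for that sensor address.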