Overview
Blumira’s modern cloud SIEM platform integrates with Cisco ASA firewall to detect cybersecurity threats and provide an automated or actionable response to remediate when a threat is detected.
Additionally, enabling Blumira’s dynamic blocklist capabilities on your integrated next-generation firewall allows us to provide automated blocking of known threats.
Learn more about enabling Blumira’s blocklists to block malicious source IP addresses and domains for automated threat response.
Also see:
- Cisco ASA with FirePOWER Security Intelligence Feeds Setup using FMC
- Cisco ASA with FirePOWER Security Intelligence Feeds Setup using ASDM
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Required Blumira Module: Logger
Use the Command Line
Log into the Cisco ASA firewall using the command-line interface and enter the commands below.

logging enable
logging host <interface_name> <sensor_ip> udp
logging permit-hostdown
logging timestamp
logging device-id hostname
no logging emblem

Tip: If logging is enabled and you do not see any traffic, check the logging buffered setting. It may need to be adjusted to "logging buffered informational".
Note: Emblem log format should be disabled.
The <interface_name> argument specifies the interface through which the ASA reaches the Blumira sensor. The <sensor_ip> argument specifies the IP address of the Blumira sensor.
Note: Your ACL definitions must have a log tag associated with them, or traffic matches against them will not be logged. See Cisco's Configuring Logs for Access Lists.
Complete the steps in Logging to a Syslog Server, which provides information on how to configure a Syslog server on the Cisco Adaptive Security Appliance (ASA) by using the Adaptive Security Device Manager (ASDM) graphical user interface.
If you are still not receiving logs from the Cisco ASA, ensure that Logging Filters for Syslog Server are configured to send “Severity: Informational” and that Emblem formatting is disabled.
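The following is an added sensor-side check, not part of this article or of Blumira's own tooling, for confirming that what arrives from the ASA looks the way the steps above expect: messages carry a PRI, a timestamp (from logging timestamp), a device id (from logging device-id hostname), the %ASA-severity-id tag, and a severity range that includes informational (level 6). It also counts 106100 access-list hit messages, which only appear when an ACE carries the log keyword. The sample lines are constructed; the layout of the standard (non-EMBLEM) line the regex expects is an assumption about the ASA's output, and the helper names are illustrative.

```python
import re
from collections import Counter

# Standard (non-EMBLEM) ASA syslog line as assumed here:
#   <PRI>Mon DD YYYY HH:MM:SS hostname : %ASA-<sev>-<msgid>: message text
# Timestamp and hostname are optional in the regex so their absence can be reported.
ASA_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?:(?P<ts>[A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2}) )?"
    r"(?:(?P<host>\S+) ?: )?"
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# ASA severity levels; "Severity: Informational" on the filter means 0..6 are sent.
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}
INFORMATIONAL = 6
ACL_LOG_MSGID = "106100"  # access-list hit message emitted for ACEs with the log keyword

# Constructed sample of what the sensor might receive over UDP (not real traffic).
# The last line lacks a PRI and timestamp to show how an unexpected format is reported.
SAMPLE_LINES = [
    "<166>Mar 12 2024 10:15:22 asa-fw : %ASA-6-302013: Built outbound TCP connection 4512 "
    "for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.0.2.25/51234 (198.51.100.1/51234)",
    "<166>Mar 12 2024 10:15:23 asa-fw : %ASA-6-106100: access-list outside_in denied tcp "
    "outside/203.0.113.55(40000) -> inside/192.0.2.25(22) hit-cnt 1 first hit [0x8ed66b60, 0x0]",
    "<164>Mar 12 2024 10:15:24 asa-fw : %ASA-4-106023: Deny tcp src outside:203.0.113.55/40001 "
    "dst inside:192.0.2.25/445 by access-group \"outside_in\"",
    "<166>Mar 12 2024 10:15:25 asa-fw : %ASA-6-605005: Login permitted from 192.0.2.7/53122 "
    "to inside:192.0.2.1/ssh for user \"admin\"",
    "asa-fw: %ASA-6-302014: Teardown TCP connection 4512 for outside:203.0.113.10/443 duration 0:00:01",
]


def parse_asa_syslog(line):
    """Parse one ASA syslog line; return a dict of fields, or None if it does not match."""
    m = ASA_RE.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    return {
        "facility": pri // 8,            # ASA default facility local4 gives 20
        "syslog_severity": pri % 8,
        "timestamp": m["ts"],
        "host": m["host"],
        "asa_severity": int(m["sev"]),
        "severity_name": SEVERITY_NAMES.get(int(m["sev"]), "unknown"),
        "message_id": m["msgid"],
        "text": m["text"],
    }


def check_feed(lines):
    """Summarise a batch of received lines against the expectations in the setup steps."""
    by_severity = Counter()
    summary = {"parsed": 0, "unparsed": 0, "missing_timestamp": 0,
               "missing_host": 0, "acl_hits": 0}
    for line in lines:
        rec = parse_asa_syslog(line)
        if rec is None:
            summary["unparsed"] += 1   # hint to re-check format settings (EMBLEM off, PRI present)
            continue
        summary["parsed"] += 1
        by_severity[rec["asa_severity"]] += 1
        if rec["timestamp"] is None:
            summary["missing_timestamp"] += 1
        if rec["host"] is None:
            summary["missing_host"] += 1
        if rec["message_id"] == ACL_LOG_MSGID:
            summary["acl_hits"] += 1
    summary["by_severity"] = dict(by_severity)
    summary["max_severity"] = max(by_severity) if by_severity else None
    # True when informational messages are getting through the severity filter.
    summary["informational_seen"] = INFORMATIONAL in by_severity
    return summary


if __name__ == "__main__":
    for key, value in check_feed(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run it as-is against the constructed sample to see the summary, or replace SAMPLE_LINES with lines captured on the sensor's UDP port. A feed with informational_seen False, or with every line unparsed, points back at the severity filter and the EMBLEM setting discussed above; acl_hits staying at zero while traffic is hitting your ACLs points at missing log tags on the ACEs.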