Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel

The Cisco ASA firewall connector allows you to easily connect your Cisco ASA logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.

Connector attributes

| Connector attribute | Description |
| --- | --- |
| Log Analytics table(s) | CommonSecurityLog |
| Data collection rules support | Azure Monitor Agent DCR |
| Supported by | Microsoft Corporation |

Query samples

All logs

CommonSecurityLog
| where DeviceVendor == "Cisco"
| where DeviceProduct == "ASA"
| sort by TimeGenerated

Prerequisites

To integrate with Cisco ASA/FTD via AMA (Preview), make sure you meet the following prerequisite:

  • To collect data from non-Azure VMs, they must have Azure Arc installed and enabled.

Vendor installation instructions

Enable data collection rule

Cisco ASA/FTD event logs are collected only from Linux agents.

Run the following command to install and apply the Cisco ASA/FTD collector:

sudo wget -O Forwarder_AMA_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py && sudo python Forwarder_AMA_installer.py
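
The command above downloads a script from the repository's master branch and runs it as root in a single step. The following added example (not part of the original page or Microsoft's documented procedure) separates download from execution and runs the installer only if it matches a SHA-256 that the operator recorded after reviewing the script. The function names and the expected-hash argument are assumptions of this example.

```shell
# Added example, not Microsoft's procedure. EXPECTED is an operator-supplied
# SHA-256 recorded after reviewing the installer (an assumption of this sketch).
INSTALLER_URL="https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py"

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# verify_installer FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on malformed EXPECTED, 3 on missing/empty FILE.
verify_installer() {
    local file expected actual
    file="$1"
    expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
    # An unset or truncated hash must never compare equal to anything.
    case "$expected" in
        ''|*[!0-9a-f]*) echo "expected hash is not hex" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "expected hash must be 64 hex chars" >&2; return 2; }
    [ -s "$file" ] || { echo "installer missing or empty: $file" >&2; return 3; }
    actual="$(sha256_of "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual" >&2
        return 1
    fi
    return 0
}

# install_forwarder EXPECTED
# Downloads without sudo into a private temp dir, verifies, and only then elevates.
install_forwarder() {
    local expected tmp rc
    expected="$1"
    tmp="$(mktemp -d)" || return 4
    if wget -q -O "$tmp/Forwarder_AMA_installer.py" "$INSTALLER_URL" &&
       verify_installer "$tmp/Forwarder_AMA_installer.py" "$expected"; then
        rc=0; sudo python "$tmp/Forwarder_AMA_installer.py" || rc=$?
    else
        rc=1
        echo "refusing to run unverified installer" >&2
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Usage (performs a network download, so it is not run automatically):
#   install_forwarder "<sha256-recorded-after-review>"
```

Because the URL tracks master, the recorded hash stops matching whenever the upstream script changes, which is the signal to review it again before running it on another forwarder.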

Next steps

For more information, go to the related solution in the Azure Marketplace.