แก้ไข

แชร์ผ่าน


Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel

The Cisco ASA firewall connector allows you to easily connect your Cisco ASA logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) CommonSecurityLog
Data collection rules support Azure Monitor Agent DCR
Supported by Microsoft Corporation

Query samples

All logs

CommonSecurityLog

| where DeviceVendor == "Cisco"

| where DeviceProduct in ("ASA", "FTD")

| extend ingestion_time = bin(TimeGenerated, 1m)

| join kind=inner (Heartbeat 

| where Category == "Azure Monitor Agent" 

| project TimeGenerated, _ResourceId

| summarize by _ResourceId, ingestion_time = bin(TimeGenerated, 1m)) on _ResourceId, ingestion_time

| project-away  _ResourceId1, ingestion_time, ingestion_time1 
         
| sort by TimeGenerated

Prerequisites

To integrate with Cisco ASA/FTD via AMA (Preview) make sure you have:

  • To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. Learn more

Vendor installation instructions

Enable data collection rule​

Cisco ASA/FTD event logs are collected only from Linux agents.

Run the following command to install and apply the Cisco ASA/FTD collector:

sudo wget -O Forwarder_AMA_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py&&sudo python Forwarder_AMA_installer.py

Next steps

For more information, go to the related solution in the Azure Marketplace.