| title | description | author | ms.topic | ms.date | ms.service | ms.author | ms.collection |
|---|---|---|---|---|---|---|---|
Cisco ASA/FTD via AMA (Preview) connector for Microsoft Sentinel |
Learn how to install the connector Cisco ASA/FTD via AMA (Preview) to connect your data source to Microsoft Sentinel. |
cwatson-cat |
how-to |
04/26/2024 |
microsoft-sentinel |
cwatson |
sentinel-data-connector |
The Cisco ASA firewall connector allows you to easily connect your Cisco ASA logs with Microsoft Sentinel, to view dashboards, create custom alerts, and improve investigation. This gives you more insight into your organization's network and improves your security operation capabilities.
This is autogenerated content. For changes, contact the solution provider.
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | CommonSecurityLog |
| Data collection rules support | Azure Monitor Agent DCR |
| Supported by | Microsoft Corporation |
All logs
CommonSecurityLog
| where DeviceVendor == "Cisco"
| where DeviceProduct in ("ASA", "FTD")
| extend ingestion_time = bin(TimeGenerated, 1m)
| join kind=inner (Heartbeat
| where Category == "Azure Monitor Agent"
| project TimeGenerated, _ResourceId
| summarize by _ResourceId, ingestion_time = bin(TimeGenerated, 1m)) on _ResourceId, ingestion_time
| project-away _ResourceId1, ingestion_time, ingestion_time1
| sort by TimeGeneratedTo integrate with Cisco ASA/FTD via AMA (Preview) make sure you have:
- To collect data from non-Azure VMs, they must have Azure Arc installed and enabled. Learn more
Enable data collection rule
Cisco ASA/FTD event logs are collected only from Linux agents.
Run the following command to install and apply the Cisco ASA/FTD collector:
sudo wget -O Forwarder_AMA_installer.py https://raw.githubusercontent.com/Azure/Azure-Sentinel/master/DataConnectors/Syslog/Forwarder_AMA_installer.py&&sudo python Forwarder_AMA_installer.py
For more information, go to the related solution in the Azure Marketplace.