Connect this data source on your own, using the Hunters platform.
TL;DR
Supported data types | 3rd party detection | Hunters detection | IOC search | Search | Table name | Log format | Collection method |
---|---|---|---|---|---|---|---|
Cisco ASA Firewall | ✅ | ✅ | | | cisco_asa_firewall | CSV without header | S3 |
Cisco FTD Firewall | ✅ | ✅ | | | cisco_ftd_firewall | CSV without header | S3 |
Cisco FTD Impact Flag Logs | ✅ | ✅ | | | cisco_ftd_impact_flag_logs | Text | S3 |
Overview
Cisco has several network appliances that allow network monitoring and inspection, protecting corporate networks and data centers, such as Cisco Adaptive Security Appliance and Cisco Firepower Threat Defense.
Integrating your Cisco Firewall logs into Hunters will allow ingestion of the logs, as well as detection and advanced investigation and correlation over these logs.
Supported data types
Cisco ASA Firewall
Table name: cisco_asa_firewall
Cisco ASA Firewall logs record network traffic and events managed by the firewall, detailing information such as connections allowed or denied, system errors, configuration changes, and security threats. These logs are crucial for security monitoring, compliance, and troubleshooting network issues.
Cisco FTD Firewall
Table name: cisco_ftd_firewall
Cisco FTD (Firepower Threat Defense) Firewall logs detail security and traffic events managed by the firewall, including threat detections, traffic flow, policy enforcement, and system status updates. These logs are integral for security management, providing insights necessary for threat analysis, compliance auditing, and operational troubleshooting within network environments.
Cisco FTD Impact Flag Logs
Table name: cisco_ftd_impact_flag_logs
Cisco FTD Impact Flag Logs classify security events based on the potential impact they could have on the network. These logs include a flag indicating the severity and potential impact of threats detected by the firewall, helping administrators prioritize responses and focus on the most critical issues first. This classification system aids in efficient threat management and ensures that resources are allocated to address the most significant threats to the network's security.
Send data to Hunters
Hunters supports the ingestion of Cisco Firewall logs via an intermediary AWS S3 bucket.
To connect Cisco Firewall logs:
Export your logs into an AWS S3 bucket. More information can be found here.
Once the export is complete and the logs are collected in S3, follow the steps in this section.
Expected format
The expected format of the logs is the raw message format as exported by Cisco ASA. The expected timestamp format is %b %d %Y %H:%M:%S, where timestamps are in UTC.
Cisco ASA Firewall Log
Dec 25 2021 23:59:56 10.1.2.3 : %ASA-6-305011: Built dynamic TCP translation from outside:10.1.2.3/12345(LOCAL\fuser123) to outside:10.2.4.6/54321
Cisco FTD Firewall Log
"Jun 09 2022 16:27:37 10.1.2.3 : %FTD-6-305011: Built dynamic UDP translation from INTERNAL:10.5.5.5/57641 to EXTERNAL:8.8.8.8/53"
Cisco FTD Firewall Impact Flag Alerts
Dec 22 08:40:47 na1fmc1 SFIMS: [1:43687:2] "INDICATOR-COMPROMISE Suspicious .top dns query" [Impact: Potentially Vulnerable] From \"ftd_host\" at Thu Dec 22 08:40:45 2022 UTC [Classification: Misc Activity] [Priority: 3] {udp} 10.11.215.188:51526 (unknown)->10.11.7.3:53 (unknown)
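As an added example (not part of the Hunters documentation or the Cisco products), the following Python parser checks raw lines of all three data types against the timestamp format and field layout shown above, so a pipeline can reject malformed lines before they reach the S3 bucket. The sample lines are copied from the examples above; the numeric ranking of impact levels is an assumption based on Cisco's impact flag names and is not stated on this page.

```python
import re
from datetime import datetime, timezone

# Timestamp format Hunters expects on ASA/FTD lines; values are UTC.
TIMESTAMP_FORMAT = "%b %d %Y %H:%M:%S"

# Sample lines copied from the documented examples (constructed test input).
ASA_LINE = ("Dec 25 2021 23:59:56 10.1.2.3 : %ASA-6-305011: Built dynamic TCP "
            "translation from outside:10.1.2.3/12345(LOCAL\\fuser123) to outside:10.2.4.6/54321")
IMPACT_LINE = ('Dec 22 08:40:47 na1fmc1 SFIMS: [1:43687:2] "INDICATOR-COMPROMISE Suspicious '
               '.top dns query" [Impact: Potentially Vulnerable] From \\"ftd_host\\" at '
               'Thu Dec 22 08:40:45 2022 UTC [Classification: Misc Activity] [Priority: 3] '
               '{udp} 10.11.215.188:51526 (unknown)->10.11.7.3:53 (unknown)')

# ASA/FTD syslog line; the FTD sample arrives wrapped in quotes, so allow them.
FIREWALL_RE = re.compile(
    r'^"?(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) : '
    r'%(?P<product>ASA|FTD)-(?P<severity>\d)-(?P<msg_id>\d{6}): (?P<msg>.*?)"?$')

# FMC "SFIMS" impact flag alert line (sensor name carries escaped quotes).
IMPACT_RE = re.compile(
    r'^\w{3} \d{1,2} \d{2}:\d{2}:\d{2} (?P<fmc>\S+) SFIMS: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] '
    r'"(?P<rule>[^"]*)" \[Impact: (?P<impact>[^\]]+)\] From \\?"(?P<sensor>[^"\\]+)\\?" at '
    r'(?P<event_time>.+?) UTC \[Classification: (?P<cls>[^\]]+)\] \[Priority: (?P<prio>\d+)\] '
    r'\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) \S+->(?P<dst>[\d.]+):(?P<dport>\d+)')

# Assumed triage ranking of Cisco impact levels: 1 is most urgent, 0 is unknown.
IMPACT_RANK = {"Vulnerable": 1, "Potentially Vulnerable": 2,
               "Currently Not Vulnerable": 3, "Unknown Target": 4, "Unknown": 0}


def parse_firewall_line(line):
    # Returns the parsed cisco_asa_firewall / cisco_ftd_firewall record, or None if malformed.
    m = FIREWALL_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], TIMESTAMP_FORMAT).replace(tzinfo=timezone.utc)
    return {"timestamp": ts, "host": m["host"], "product": m["product"],
            "severity": int(m["severity"]), "msg_id": m["msg_id"], "message": m["msg"]}


def parse_impact_flag_line(line):
    # Returns the parsed cisco_ftd_impact_flag_logs record, or None if malformed.
    m = IMPACT_RE.match(line.strip())
    if not m:
        return None
    event_time = datetime.strptime(m["event_time"], "%a %b %d %H:%M:%S %Y")
    return {"event_time": event_time.replace(tzinfo=timezone.utc), "fmc": m["fmc"],
            "sensor": m["sensor"], "signature": f'{m["gid"]}:{m["sid"]}:{m["rev"]}',
            "rule": m["rule"], "impact": m["impact"], "impact_rank": IMPACT_RANK.get(m["impact"]),
            "priority": int(m["prio"]), "proto": m["proto"],
            "src": (m["src"], int(m["sport"])), "dst": (m["dst"], int(m["dport"]))}
```

A line that returns None should be quarantined rather than uploaded, since Hunters will not be able to extract a timestamp from it.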