Overview

Cisco Adaptive Security Appliance (ASA) is a family of security devices that protect corporate networks and data centers.

Integrating your Cisco ASA logs into Hunters allows ingestion of the logs, as well as detection, advanced investigation and correlation over them.

Supported Data Types

  • Cisco ASA Firewall - Network connection logs produced by Cisco ASA (see more details here).

Hunters Integration

To integrate your Cisco ASA logs into Hunters, the logs need to be collected from your network via syslog (more details here) and written to a storage service shared with Hunters (e.g. an S3 bucket or Azure Blob Storage).

The expected log format is the raw message format as exported by Cisco ASA: each line starts with the ASA timestamp, followed by the device address and the %ASA-<severity>-<message ID> tag, then the message text. The expected timestamp format is %b %d %Y %H:%M:%S (e.g. Dec 25 2021 23:59:56), with timestamps in UTC.

For example:

Cisco ASA Firewall Log Sample

Dec 25 2021 23:59:56 10.1.2.3 : %ASA-6-305011: Built dynamic TCP translation from outside:10.1.2.3/12345(LOCAL\fuser123) to outside:10.2.4.6/54321
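As an added example (not part of the Hunters documentation or the Cisco ASA product), the following Python script checks an exported batch against the format described above before it is shipped to the storage service. It validates the %b %d %Y %H:%M:%S UTC timestamp and the %ASA-<severity>-<message ID> tag, splits the fields of message 305011 as shown in the sample, and reports lines that do not match instead of dropping them silently. The sample batch is constructed: the first line is the page's sample, the other two are hypothetical lines whose headers were altered by a relay (an RFC 3164-style timestamp without a year, and a leading PRI field), which is a common reason an export fails to parse.

```python
import re
from datetime import datetime, timezone

# Expected shape of a raw Cisco ASA syslog line, as in the sample on this page:
#   <%b %d %Y %H:%M:%S> <device> : %ASA-<severity>-<message id>: <message text>
ASA_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<device>\S+) : "
    r"%ASA-(?P<severity>[0-7])-(?P<msgid>\d{6}): "
    r"(?P<text>.*)$"
)
TIMESTAMP_FORMAT = "%b %d %Y %H:%M:%S"

# Layout of message 305011 as shown in the page's sample. Other message IDs have
# other layouts and are kept as free text by this example.
XLATE_305011 = re.compile(
    r"^Built dynamic (?P<proto>\w+) translation from "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+)"
    r"(?:\((?P<user>[^)]*)\))? to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)$"
)


def parse_asa_line(line: str) -> dict:
    """Parse one raw ASA line; raise ValueError if it does not match the expected format."""
    m = ASA_LINE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError(f"line does not match the expected ASA format: {line!r}")
    # strptime validates month name, day and time fields; the page states timestamps
    # are UTC, so the zone is attached explicitly rather than left naive.
    ts = datetime.strptime(m["ts"], TIMESTAMP_FORMAT).replace(tzinfo=timezone.utc)
    event = {
        "timestamp": ts,
        "device": m["device"],
        "severity": int(m["severity"]),
        "msgid": m["msgid"],
        "text": m["text"],
    }
    if event["msgid"] == "305011":
        x = XLATE_305011.match(event["text"])
        if x:
            event.update({k: v for k, v in x.groupdict().items() if v is not None})
            event["src_port"] = int(event["src_port"])
            event["dst_port"] = int(event["dst_port"])
    return event


def validate_export(lines):
    """Return (parsed events, list of (line number, reason)) for an exported batch."""
    events, problems = [], []
    for n, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            events.append(parse_asa_line(line))
        except ValueError as exc:
            problems.append((n, str(exc)))
    return events, problems


# Constructed sample batch (not real device output). Line 1 is the page's sample.
# Line 2 carries a relay-style RFC 3164 timestamp without a year and line 3 a leading
# PRI field; neither matches the expected format, so both are reported.
SAMPLE_EXPORT = [
    "Dec 25 2021 23:59:56 10.1.2.3 : %ASA-6-305011: Built dynamic TCP translation "
    "from outside:10.1.2.3/12345(LOCAL\\fuser123) to outside:10.2.4.6/54321",
    "Dec 25 23:59:57 10.1.2.3 : %ASA-6-305011: Built dynamic TCP translation "
    "from outside:10.1.2.3/12346 to outside:10.2.4.6/54322",
    "<166>Dec 25 2021 23:59:58 10.1.2.3 : %ASA-6-305011: Built dynamic TCP translation "
    "from outside:10.1.2.3/12347 to outside:10.2.4.6/54323",
]

if __name__ == "__main__":
    events, problems = validate_export(SAMPLE_EXPORT)
    for e in events:
        print(e["timestamp"].isoformat(), e["msgid"], e.get("user"), e.get("dst_ip"))
    for n, reason in problems:
        print(f"line {n}: {reason}")
```

Run it over a sample of the files landing in the shared bucket; any reported line means the syslog path is rewriting the ASA header (most often by replacing the timestamp or prepending a PRI field), and the relay configuration, not the ASA, is what needs fixing.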