• Support
  • Forums
  • Blogs
A New Community Experience is Coming! For more information, please see our announcement.

Monitoring Cisco ASA?

correll.chriscorrell.chris

New Life Form
I'm trying to add our Cisco ASA to OSSIM but having some issues. The correct software version isn't listed when adding the device. I'm seeing Netflow information but not Uptime, Services, Events or Vulnerabilities. I do have the correct plugin selected. I also haven't been able to find any guides online for adding a Cisco ASA to OSSIM unfortunately.

Share post:

Answers

  • You should start by sending your ASA syslogs to OSSIM, and enabling the cisco-asa plugin.  As for uptime, services, events, and vulnerabilities, these are handled by other OSSIM modules, such as asset scans and vulnerability scanning.

    P.S.  as it's a firewall, I would be very surprised if it provided enough info to a scanner to obtain any accurate operating system version.  OSSIM's OS detection relies on nmap P0f, and other such things.  Just enter it using "manually configure".

    Good luck
    correll.chris
  • I had our infrastructure guys start sending the ASA's syslogs to OSSIM yesterday and enabled the plugin as well. I'm seeing some information under Netflow but nothing within the last 8 hours. Would syslogs show under Netflow or Events?
  • I'm actually reading your whitepaper right now as well, thanks for writing that.
  • Hi Correll, I am facing the same issue here, did you manage to resolve it?

    correll.chris
  • Nope. Still not working.
Sign In or Register to comment.