Integrate ATA with Cisco ASA firewall logs

Question

Hi there,
I have a quick question about Microsoft Advanced Threat Analytics (ATA), How we can integrate ATA with Cisco ASA(&nbsp;Adaptive Security Appliance) Firewall Logs? and if it's possible what will be the implementation requirements for any organization?
&nbsp;
Thanks in Advanced!
&nbsp;
&nbsp;

artom harchenko · Answer

This is now possible. ATA can receive&nbsp;VPN accounting logs from Cisco ASA. It is using RADIUS accounting events forwarded to ATA.
See this article:
https://docs.microsoft.com/en-us/advanced-threat-analytics/vpn-integration-install-step
&nbsp;

nicholas dicola (security jedi) · Answer

Hi,
ATA does not integrate with FW logs from any vendor. Today it only collects windows event logs from the DCs which can be captured using a supported SIEM or Windows Event Fowarding.

jeff_kk_yip · Answer

Hi Artom, to setup the integration between Cisco ASA and ATA as per the documentation, it stated the port 1813 on ATA Gateways and Ligthweight Gateways, what about the authentication port? Reason I ask because Cisco ASA not allow the authentication port left empty.
&nbsp;
On the other note, ATA Ligthweight Gateways do not have the "1812" advertising/listening, hence would this cause the integration not working?

hongtao jiang · Answer

Hi Artom,the article is for the windows side configuration, do you have a reference for the ASA end configuration?

hongtao jiang · Answer

Hi Jeffrey,Have you got it fixed?

Forum Discussion

Integrate ATA with Cisco ASA firewall logs

7 Replies