User Profile
AngeloDC
Copper Contributor
Joined 2 years ago
Recent Discussions
Re: Cisco ASA | SIEM Log filtering Best Practice
Well I've come up with this so far. If you have any input please feel free to share. Here are some of the events we chose to filter.

| Filter Rule |
| --- |
| :msg, contains, "ASA-4-733100" |
| :msg, contains, "ASA-4-733101" |
| :msg, contains, "ASA-4-733102" |
| :msg, contains, "ASA-4-733103" |
| :msg, contains, "ASA-4-733104" |
| :msg, contains, "ASA-4-733105" |
| :msg, contains, "ASA-6-106100" |
| :msg, contains, "ASA-4-106023" |
| :msg, contains, "ASA-5-713041" |
| :msg, contains, "ASA-6-109001" |

Cisco ASA | SIEM Log filtering Best Practice
Hey all you SIEM and SecDevOps Engineers. Currently having major ingestion issues with events logged from Cisco ASA.

The problem: even with filtering limited to Notification L5 events we accidentally ingested 600M+ logs into Azure Sentinel via the CEF via AMA data connector with the stream set to Microsoft-Ciscoasa.

We need to drastically reduce the amount of logs coming in, however we're struggling to find resources/guides on best practice for event logging. If there is a Cisco expert out there, can someone please point me in the right direction for getting relevant log events which analysts can use to investigate incidents. What is the standard out there wrt high fidelity alerting and investigation capabilities?
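As an added example (not code from either post), a small Python filter that applies the message-ID list from the reply above to constructed ASA syslog lines, with an optional severity cap reflecting the "Notification L5" limit mentioned in the question. It assumes the rsyslog rules in the table discard matching events, which the page does not state, and the sample lines and hostnames are constructed.

```python
import re

# Message IDs from the reply's rsyslog filter table (the page does not show the
# action those rules take; this example assumes they discard matching events).
DROP_IDS = {
    "ASA-4-733100", "ASA-4-733101", "ASA-4-733102", "ASA-4-733103",
    "ASA-4-733104", "ASA-4-733105", "ASA-6-106100", "ASA-4-106023",
    "ASA-5-713041", "ASA-6-109001",
}

# ASA syslog header: "%ASA-<severity>-<message number>:" (0 = most severe, 7 = debug).
ASA_HEADER = re.compile(r"%(ASA-(\d)-(\d{6})):")

# Constructed sample lines (not real traffic) in the usual ASA syslog format.
SAMPLE_LOGS = [
    "<166>Jan 10 12:00:01 fw1 %ASA-6-106100: access-list inside permitted tcp inside/10.0.0.5(50000) -> outside/203.0.113.7(443) hit-cnt 1 first hit",
    "<164>Jan 10 12:00:02 fw1 %ASA-4-733100: [ Scanning] drop rate-1 exceeded. Current burst rate is 10 per second",
    "<163>Jan 10 12:00:03 fw1 %ASA-3-710003: TCP access denied by ACL from 198.51.100.9/4444 to outside:203.0.113.1/22",
    "<165>Jan 10 12:00:04 fw1 %ASA-5-111008: User 'admin' executed the 'configure terminal' command.",
    "<166>Jan 10 12:00:05 fw1 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.9/40000 to inside:10.0.0.5/443",
    "Jan 10 12:00:06 fw1 heartbeat: not an ASA message",
]

def parse_asa_id(line):
    """Return (msg_id, severity) for an ASA line, or (None, None) if no ASA header."""
    m = ASA_HEADER.search(line)
    if not m:
        return None, None
    return m.group(1), int(m.group(2))

def filter_lines(lines, drop_ids=DROP_IDS, max_severity=None):
    """Drop listed message IDs and, if max_severity is set, anything less severe
    than that level (ASA numbers go up as severity goes down, so > is 'noisier').
    Returns (kept_lines, {dropped_msg_id: count}) so the drop mix can be reviewed."""
    kept, dropped = [], {}
    for line in lines:
        msg_id, sev = parse_asa_id(line)
        if msg_id is None:
            kept.append(line)  # unparseable lines are forwarded, never silently lost
            continue
        if msg_id in drop_ids or (max_severity is not None and sev > max_severity):
            dropped[msg_id] = dropped.get(msg_id, 0) + 1
        else:
            kept.append(line)
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_lines(SAMPLE_LOGS, max_severity=5)
    print(f"kept {len(kept)} of {len(SAMPLE_LOGS)}; dropped by id: {dropped}")
```

The per-ID drop counts are the check worth watching after deploying such a list: a message ID that dominates the dropped set is the one to re-examine before it disappears from the SIEM for good.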