Implementing Secure Logging Analytics (SaaS) for ASA Devices
Before you Begin
-
Review Secure Logging Analytics (SaaS) for ASA devices to learn about:
-
How events are sent to the Cisco cloud
-
Applications in the solution
-
Licenses you need
-
Data plan you need
-
-
You have contacted your managed service provider or Security Cloud Control Sales representative to create a Security Cloud Control tenant.
-
Review Secure Device Connector. Connecting Security Cloud Control to your ASA using an SDC is considered a "best practice" but it is not required.
-
If you choose to deploy an SDC in your network, you can use this method to install it:
-
You have installed one or more SECs for your tenant and you can send events from any ASA to any SEC onboarded to your tenant.
-
You have established two-factor authentication for users of your account.
Workflow to Implement Cisco Security Analytics and Logging (SaaS) and Send Events through the Secure Event Connector to the Cisco Cloud
-
Be sure to review "Before you Begin" above to make sure your environment is properly configured.
-
Onboard ASA Device to Security Cloud Control using username and password.
-
Configuring NSEL for ASA Devices Using a Security Cloud Control Macro.
-
Confirm events are visible in Security Cloud Control. From the navigation bar, select . Click the Live tab to view live events.
-
If you have a Firewall Analytics and Monitoring or Total Network Analytics and Monitoring license, continue with the next section, Analyzing Events with Cisco Secure Cloud Analytics.
Analyzing Events with Cisco Secure Cloud Analytics
If you have a Firewall Analytics and Monitoring or Total Network Analytics and Monitoring license, perform the following in addition to the previous steps:
-
Deploy one or more Secure Cloud Analytics sensors to your internal network if you purchased a Total Network Analytics and Monitoring license. See Cisco Secure Cloud Analytics Sensor Deployment for Total Network Analytics and Reporting.
-
Invite users to create Secure Cloud Analytics user accounts, tied to their Cisco Single Sign-On credentials. See Viewing Cisco Secure Cloud Analytics Alerts from Security Cloud Control.
-
Cross-launch from Security Cloud Control to Secure Cloud Analytics to monitor the Secure Cloud Analytics alerts generated from FTD events. See Viewing Cisco Secure Cloud Analytics Alerts from Security Cloud Control.
Reviewing Cisco Secure Cloud Analytics Alerts by Cross-launching from Security Cloud Control
With a Firewall Analytics and Monitoring or Total Network Analytics and Monitoring license, you can cross-launch from Security Cloud Control to Secure Cloud Analytics to review the alerts generated by FTD events.
Review these articles for more information:
Troubleshooting Secure Event Connector Issues
Use these troubleshooting topics to gather status and logging information about
Workflows
Troubleshooting Using Security and Analytics Logging Events describes using the events generated from Cisco Security Analytics and Logging to determine why a user can't access a network resource.
See also Working with Alerts Based on Firepower Threat Defense Events.