Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
370
Views
0
Helpful
0
Replies

What event IDs to check for communication between two hosts?

Nikhil9
Level 1
Level 1

‎09-27-2018 11:08 AM - edited ‎03-22-2019 10:02 AM

We need to filter out the below events IDs from SIEM as per CISCO's recommendation: https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security-technology-partners/bn_cisco_siem.pdf

 

%ASA-6-305010: Teardown translation from interface_name to interface_name
%ASA-6-305011: Built translation from interface_name to interface_name
%ASA-6-305012: Teardown translation from interface_name to interface_name
%ASA-6-302014: Teardown TCP connection id for interface to interface
%ASA-6-302016: Teardown UDP connection number for interface to interface
%ASA-6-302013: Built TCP connection_id for interface to interface

Are there any other event IDs which can tell the communication between two hosts apart from the one mention above?

Or devices which can detect the communication between two hosts ?

Also what other event IDS or message log level we can drop from reaching towards our SIEM tool.

 

Thanks in advance.

 

Kind Regards,

Nikhil

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents