03-21-2016 03:08 AM - edited 03-12-2019 12:31 AM
Thanks for reading,
I have an ASA with Firepower and have setup Malware protection and URL filtering and all looks good from the monitoring in that I'm seeing threats detected and mitigated - Image attached.
I have 3 questions so any help appreciated;
1. how do I see what sites have been accessed or what has been blocked in more detail. I can for example see the categories blocking traffic but When I drill down into the category I just get a bulk number but no detail on what people are tryng to access. Ideally I'd like to see what is being dropped in order to tune the urls list.
2. how can I translate the above back to an individual machine? We do not have a domain controller so LDap etc.. not possible.
3. The Blocked content desitations are showing IP's but ideally I'd like to see the URLS or some reverse lookup.
Thanks in advance
Dave
04-22-2018 09:12 AM
Did anyone have any thoughts on item number 3? I have the same issue using ASDM reports. DNS is configured for the sfr module but IPs in the Destination report are not being resolved to names. I know ASDM reporting and drilldown is limited, but I expected name resolution to work.
Thanks
Jeremy
04-23-2018 01:52 AM
04-23-2018 02:05 AM
Thanks Florin. I agree FMC would be much better for reporting, and one day that might happen, but sadly I'm restricted to ASDM at the moment. It just surprises me that it won't resolve the IPs to hostnames in the report, so I wonder if that's really a limitation of ASDM reporting or if it's something I need to change in the config.
Thanks
Jeremy
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide