Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1103
Views
0
Helpful
3
Replies

ASA5506 - ASDM Firepower reporting

davidfield
Level 3
Level 3

‎03-21-2016 03:08 AM - edited ‎03-12-2019 12:31 AM

Thanks for reading,

I have an ASA with Firepower and have setup Malware protection and URL filtering and all looks good from the monitoring in that I'm seeing threats detected and mitigated - Image attached. 

I have 3 questions so any help appreciated;

1. how do I see what sites have been accessed or what has been blocked in more detail. I can for example see the categories blocking traffic but When I drill down into the category I just get a bulk number but no detail on what people are tryng to access.  Ideally I'd like to see what is being dropped in order to tune the urls list.

2. how can I translate the above back to an individual machine?  We do not have a domain controller so LDap etc.. not possible.

3. The Blocked content desitations are showing IP's but ideally I'd like to see the URLS or some reverse lookup.

Thanks in advance

Dave

2 people had this problem
Labels:
Preview file
41 KB
Preview file
29 KB
Preview file
74 KB
Preview file
40 KB
0 Helpful
3 Replies 3

jfnking
Level 1
Level 1

‎04-22-2018 09:12 AM

Did anyone have any thoughts on item number 3?  I have the same issue using ASDM reports.  DNS is configured for the sfr module but IPs in the Destination report are not being resolved to names.  I know ASDM reporting and drilldown is limited, but I expected name resolution to work.

 

Thanks

Jeremy

 

 

0 Helpful

Florin Barhala
Level 6
Level 6
In response to jfnking

‎04-23-2018 01:52 AM

I am on my way to know better Firepower: maybe Firepower Management Center aka FMC server could give you more/better reports.
0 Helpful

jfnking
Level 1
Level 1
In response to Florin Barhala

‎04-23-2018 02:05 AM

Thanks Florin.  I agree FMC would be much better for reporting, and one day that might happen, but sadly I'm restricted to ASDM at the moment.  It just surprises me that it won't resolve the IPs to hostnames in the report, so I wonder if that's really a limitation of ASDM reporting or if it's something I need to change in the config.

 

Thanks

Jeremy

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card