Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1111
Views
0
Helpful
1
Replies

Cisco ASA 5585 interface traffic collection

deepfree1
Level 1
Level 1

‎10-25-2018 01:54 AM

Hello gents,

I have a Cisco ASA model 5585 and i have the IBM Qradar at company i work. The question is do i have any way to check the exist connection that goes through the ASA via the outside interface so i can understand who (which host IP) is overloading the network ?

What exactly do i need to do to make IBM Qradar and Cisco ASA friends ? At Qradar threre is a tree made for outside interface how can i send traffic from ASA to Qradar to be shown ? Or may be there is another way i can see what i need.

 

Regards.

Labels:
0 Helpful
1 Reply 1

Seb Rupik
VIP Alumni
VIP Alumni

‎10-25-2018 02:08 AM - edited ‎10-25-2018 02:08 AM

HI there,

I’ve never used QRadar, but a quick look at the documents shows showing call QFlow Collector. You will need to configure that to accept netflow data originating from the ASA destined to a particular UDP port on the QRadar instance.

 

On the ASA you will then need to configure netflow, in particular the export destination:

https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/guide/asa_netflow.html#pgfId-1330480

 

Once the collector starts receiving the data it should be simple enough to filter on outbound flows with high bps values or high data volumes.

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents