aip-ssm default behaviour

mulhollandm
Level 1

folks

i've only realised that my aip-ssm only reports on traffic which is passed through the firewall acl

my requirement is that i log all attempted intrusions regardless of whether they are permitted through the firewall or not

does anyone know if i can change the default behaviour of the asa to let the module see all the traffic hitting the external interface?

thanks to anyone taking the time to reply

1 Reply

Dustin Ralich
Cisco Employee
> i've only realised that my aip-ssm only reports on traffic which is passed through the firewall acl

> does anyone know if i can change the default behaviour of the asa to let the module see all the traffic hitting the external interface?

The architecture is such that only traffic that is allowed through the ASA is passed to the AIP-SSM/AIP-SSC for inspection. The idea being that there is no reason to tie up more resources inspecting traffic that has already been dropped/denied.

> my requirement is that i log all attempted intrusions regardless of whether they are permitted through the firewall or not

If the ASA itself is dropping traffic, a syslog message should be generated/logged. Between the ASA logs and the sensor module logs, you should have what you need.
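
Added example, not part of the original thread: one way to pull the dropped attempts out of the ASA syslog so they can be reviewed alongside the sensor module's alerts. It assumes ACL denies are logged as message ID 106023 and that the external interface is named `outside`; the log lines, addresses and ACL names are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample: four 106023 denies on "outside", one on "inside", one non-deny message.
SAMPLE_LOG = """\
Mar 03 2010 10:15:01: %ASA-4-106023: Deny tcp src outside:203.0.113.7/51234 dst inside:192.0.2.10/22 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 2010 10:15:02: %ASA-4-106023: Deny tcp src outside:203.0.113.7/51235 dst inside:192.0.2.10/23 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 2010 10:15:03: %ASA-4-106023: Deny tcp src outside:203.0.113.7/51236 dst inside:192.0.2.10/3389 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 2010 10:16:10: %ASA-4-106023: Deny icmp src outside:198.51.100.20 dst inside:192.0.2.10 (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]
Mar 03 2010 10:16:30: %ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.5/40000 (198.51.100.5/40000) to inside:192.0.2.10/443 (192.0.2.10/443)
Mar 03 2010 10:17:00: %ASA-4-106023: Deny udp src inside:192.0.2.50/5353 dst outside:198.51.100.99/53 by access-group "inside_access_in" [0x0, 0x0]
"""

# Ports are optional because ICMP denies carry type/code instead of ports.
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)(?:/(?P<dst_port>\d+))?'
    r'.*?by access-group "(?P<acl>[^"]+)"'
)

def parse_denies(text):
    """Return one dict per 106023 deny line; all other messages are skipped."""
    events = []
    for line in text.splitlines():
        m = DENY_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events

def summarize(events, ingress_if="outside"):
    """Group denied attempts that arrived on ingress_if by source address."""
    summary = defaultdict(lambda: {"count": 0, "targets": set()})
    for ev in events:
        if ev["src_if"] != ingress_if:
            continue  # only traffic hitting the chosen interface
        entry = summary[ev["src_ip"]]
        entry["count"] += 1
        entry["targets"].add((ev["dst_ip"], ev["proto"], ev["dst_port"]))
    return dict(summary)

if __name__ == "__main__":
    report = summarize(parse_denies(SAMPLE_LOG))
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(src, info["count"], sorted(info["targets"], key=str))
```
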
