cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Malware Policy

613
Views
0
Helpful
1
Comments

I have 2 Firepower module (ASA 5525) with Malware and IPS licence. Recently i changed the Malware policy action set to "Block Malware" and "Reset Connection". How to log the event if my policy blocked any files? Please find the attached screen shot for policy settings. 

 

Thanks, 

Manu 

Comments
Cisco Employee

Manu,

 

Logging the file event would be configured in the Access Control rule of your Access Control Policy. Whenever you create a File Policy, you need to add that File Policy to an Access Control Rule in your Access Control Policy. Logging file events is enabled to log to the FMC by default.

 

Source:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/connection_logging.html

Content for Community-Ad