Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1454
Views
0
Helpful
1
Comments

Malware Policy

Manu Shankar
Level 1
Level 1

on ‎02-24-2020 02:40 AM

I have 2 Firepower module (ASA 5525) with Malware and IPS licence. Recently i changed the Malware policy action set to "Block Malware" and "Reset Connection". How to log the event if my policy blocked any files? Please find the attached screen shot for policy settings. 

 

Thanks, 

Manu 

Preview file
59 KB
0 Helpful
Comments
shbebber
Cisco Employee
Cisco Employee
‎02-26-2020 01:32 PM

Manu,

 

Logging the file event would be configured in the Access Control rule of your Access Control Policy. Whenever you create a File Policy, you need to add that File Policy to an Access Control Rule in your Access Control Policy. Logging file events is enabled to log to the FMC by default.

 

Source:

https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/connection_logging.html

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents