Hi, We need to exclude the source IP address of our external vulnerability scanner, so it will not be blocked by the IPS. The point is to simulate external attacks without IPS protection. Adding an access rule on the top with no IPS inspection is not a...
Hi, we need to collect FTD configuration change logs in our SIEM; these changes are mainly performed via FMC. On ASA we are just collecting 111010 syslog messages, but on FTDs no 111010 messages are sent, only 111008, and in each log the username is enable_1. We ...
Hi, we are trying to decrease the number of deny logs logged in our SIEM. The approach is to disable message 106023 and to log only 106100, by adding "deny ip any any log" at the end of all access lists. This way we are receiving summarized deny logs i...
Hi,
We have a pair of ASA 5585-X with Firepower ssp-60. They are deployed in multiple context mode, and the contexts are connected in cascade (traffic passes through multiple contexts).
All connections are logged twice in FMC, once on each context ...
Hi, we have implemented an ASA Cluster consisting of two ASA 5585 9.2.(3) devices and have EIGRP turned on on the outside interface. The syslog and ASDM are constantly filled with the message that EIGRP is dropped from the members' IPs: 7Mar 20 201508:22:23 10.x.y...
Hi Marco, Unfortunately, no progress ☹ The only way to find who made which changes is to manually correlate audit logs from FMC (policy save/apply) with configuration logs 111008 from user “config”. Regards, Borut
Thanks Balaji, According to these solutions we should add it to the Whitelist. But according to the Cisco documentation it will not exclude it from IPS inspection: Traffic added to a Do Not Block list or monitored at the Security Intelligence stage is intentiona...
Hi Marvin, Are you sure? I need exactly this, but I believe that adding a host to the Security Intelligence whitelist will not exclude it from IPS inspection. At least according to the documentation: Traffic added to a Do Not Block list or monitored at the Sec...