Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
863
Views
0
Helpful
6
Replies

Cisco WSA Proxy commands For Integrity Monitoring and its important

bilal-siddiqui
Level 1
Level 1

‎07-17-2025 12:01 PM - edited ‎07-17-2025 12:11 PM

Dear Community,

I hope you are doing well.

I would appreciate your support in resolving the following query:

What are the recommended commands for Cisco WSA Proxy related to Integrity Monitoring, and what is the significance or purpose of each command?

Your assistance in this matter will be truly valuable and appreciated.

Best regards,
Muhammad Bilal

Labels:
0 Helpful
6 Replies 6

amojarra
Cisco Employee
Cisco Employee

‎07-26-2025 08:15 AM

@bilal-siddiqui 

I hope you are doing fine 

Can you please more more details, what is the expectations?

 

Thank you 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
0 Helpful

bilal-siddiqui
Level 1
Level 1
In response to amojarra

‎07-26-2025 08:28 AM

Dear amojarra,

I hope you are doing well.

Thank you for your response.

To clarify my request: I am currently using a File Integrity Monitoring (FIM) solution and would like to implement integrity monitoring for our Cisco Web Security Appliance (WSA) proxy. Specifically, I am looking to understand:

What are the critical configuration files or system paths on the Cisco WSA that should be monitored for changes?

Are there any recommended CLI commands or best practices to help identify key configuration files or system state relevant to FIM?

What aspects of the WSA configuration or system state are considered most critical to monitor for integrity (e.g., proxy policies, authentication, SSL inspection, etc.)?

Regards,
Muhammad Bilal

 

 

0 Helpful

bilal-siddiqui
Level 1
Level 1

‎07-26-2025 08:27 AM - edited ‎07-26-2025 08:28 AM

.

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎07-26-2025 09:07 AM

Thank you @bilal-siddiqui 

Regarding the OS file, they are Cisco's internal and you do not have access to them .

Regarding the configuration changes, every items of the Configuration that was changed, without your knowledge is critical and needs to review. 

as far as I know, most of the FIMs, can integrate with the "Change Management System"s . what you can do is:

[1] create an script to log in to WSA's CLI every day, hour, X-hours ,... and execute: saveconfig 

 [1-1] then types 2 , Enter, Enter 

[1-2] get the log's file name 

wsa-1522009.calo.amojarra> saveconfig

Choose the password option:
1. Mask passwords (Files with masked passwords cannot be loaded using loadconfig command)
2. Encrypt passwords
[1]> 2

Do you want the system to generate a name for the configuration file? [Y]>

The file S100V-123456789ABCDEFG-HIJKLMN-20250726T175814.xml has been saved in the configuration directory on machine "wsa-1522009.calo.amojarra".

 

[2] Make sure the FTP in the WSA is enabled ( GUI > Network > Interfaces > Edit > FTP ) 

[3] FTP to the WSA and navigate to : configuration folder and pull the configuration file and import to your IFM 

 

Note: you can configure :  SCP push Config backup in the WSA, as soon as there are any configuration Commit, it will send the configuration file to the SCP server 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
0 Helpful

bilal-siddiqui
Level 1
Level 1
In response to amojarra

‎07-26-2025 09:20 AM

Dear Amirhossein Mojarrad

Thank you for your detailed and informative response — I truly appreciate your time and support.

To further clarify my request:

I understand that direct OS-level file access is restricted on the Cisco WSA appliance. However, my primary objective is to identify which specific CLI commands expose critical configuration data, so I can regularly monitor those command outputs using the File Integrity Monitoring (FIM) solution that is already integrated with the WSA proxy.

0 Helpful

amojarra
Cisco Employee
Cisco Employee

‎07-28-2025 07:15 AM

Thank you @bilal-siddiqui 

 

Unfortunately, we do not have any CLI command that could help you a lot

the best would be the configuration file itself.

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
0 Helpful
Customers Also Viewed These Support Documents