Cisco ASA - threat detection message fired

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Content Index

---

Identifies when the Cisco ASA Threat Detection engine fired an alert based on malicious activity occurring on the network inicated by DeviceEventClassID 733101-733105 Resources: https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs9.html Details on how to further troubleshoot/investigate: https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113685-asa-threat-detection.html

Attribute	Value
Type	Analytic Rule
Solution	CiscoASA
ID	795edf2d-cf3e-45b5-8452-fe6c9e6a582e
Severity	Medium
Status	Available
Kind	Scheduled
Tactics	Discovery, Impact
Techniques	T1046, T1498
Required Connectors	CiscoAsaAma
Source	View on GitHub

Tables Used

This content item queries data from the following tables:

Table	Selection Criteria	Transformations	Ingestion API	Lake-Only
CommonSecurityLog	DeviceEventClassID in "733101,733102,733103,733104,733105"	✓	✓	?

---

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

↑ Back to Analytic Rules · Back to CiscoASA