AlienVault® USM Anywhere™

Configuring the AlienApp for Cisco ASA

Role Availability Read-Only Analyst Manager

To use the AlienApp for Cisco ASA in USM Anywhere, you need to perform the following steps in your Cisco ASA environment:

  • Download and install the Cisco ASA Representational State Transfer (REST) API agent.
  • Enable the REST API agent.
  • Create a Cisco ASA user profile with a privilege level of 15 to be able to communicate with USM Anywhere.

To install and configure the Cisco ASA REST API

  1. Go to the Cisco ASA REST API quick start guide and follow the steps listed in the "Install and Configure the ASA REST API Agent and Client" section of the documentation.
  2. Open the command line interface (CLI), and enter the following:

     username <USER_NAME> password <PASSWORD> privilege 15

    This creates the user account with a privilege level of 15.
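
The ASA-side setup from the steps above, gathered into one CLI session as an added example (not taken from the Cisco or AlienVault documentation). <REST_API_PACKAGE>, <SENSOR_IP> and <MGMT_IF> are placeholders for values this page does not give, and limiting HTTPS management access to the sensor's address is an assumption made here because the API connections originate from the sensor.

```text
! Constructed example; replace every <PLACEHOLDER> with your own value.
configure terminal
! Enable the HTTPS management server that the REST API agent relies on
http server enable
! Broad form, any client on the interface may reach the API:
!   http 0.0.0.0 0.0.0.0 <MGMT_IF>
! Narrower form, only the USM Anywhere Sensor may connect (assumption):
http <SENSOR_IP> 255.255.255.255 <MGMT_IF>
! Authenticate API requests against the local user database
aaa authentication http console LOCAL
! Point the ASA at the REST API package copied to flash and start the agent
rest-api image disk0:/<REST_API_PACKAGE>
rest-api agent
! Account that USM Anywhere uses (privilege 15, per step 2)
username <USER_NAME> password <PASSWORD> privilege 15
end
! Confirm that the agent is running
show rest-api agent
```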

To enable AlienApp for Cisco ASA in USM Anywhere

  1. In USM Anywhere, go to Data Sources > Integrations.
  2. Click the AlienApps tab.

  3. On the AlienApps page, click the Cisco ASA tile.

    The Status tab opens, showing that the app is disabled.

  4. If you have more than one deployed USM Anywhere Sensor, select the sensor that you want to use for the enabled AlienApp.

    AlienApps operate through a deployed sensor and use APIs to integrate with the connected third-party technology. Select the sensor that can access the integration endpoint. The HTTPS connections to the API will originate from this sensor, so it is important to make sure the sensor has network access to the AlienApp API endpoints.

  5. Click Enable.

  6. Enter the Cisco ASA Management IP Address or Host Name, Port, Username, and Password.

    Optionally, select Validate HTTPS host name and Require CA certificate and enter the CA certificate if you want to use this option.

  7. Click Save.

Forward Cisco ASA Syslog Messages to USM Anywhere

To fully integrate USM Anywhere with the AlienApp for Cisco ASA, you need to configure syslog forwarding in the Cisco ASA device or management server to send the events to your sensor, and then assign the Cisco ASA plugin to the asset(s) representing the Cisco ASA device or management server.

See the Cisco ASA plugin guide and follow the steps outlined to configure syslog forwarding.

Assign Cisco ASA to Your Assets

Because the Cisco ASA plugin does not support automatic asset discovery, you must manually assign the Cisco ASA plugin to the asset(s) representing the Cisco ASA device or management server’s IP address in USM Anywhere. If the Cisco ASA plugin isn't assigned to any assets, the Cisco ASA events will be handled by the AlienVault Generic Plugin, which will result in some of the data from the log not being properly parsed or associated with the plugin.

See Manual Integration Management for instructions on how to assign the AlienApp for Cisco ASA to your assets.