This article explains how to connect your Cisco ASA appliance to Azure Sentinel. The Cisco ASA data connector allows you to easily connect your Cisco ASA logs with Azure Sentinel, to view dashboards, create custom alerts, and improve investigation. Using Cisco ASA with Azure Sentinel gives you more insight into your organization's Internet usage and enhances its security operation capabilities.
Forward Cisco ASA logs to the Syslog agent
Cisco ASA doesn't support CEF, so the logs are sent as Syslog and the Azure Sentinel agent parses them as if they were CEF logs. Configure Cisco ASA to forward Syslog messages to your Azure workspace via the Syslog agent:
Go to Send Syslog messages to an external Syslog server, and follow the instructions to set up the connection. Use these parameters when prompted:
- Set port to 514 or the port you set in the agent.
- Set syslog_ip to the IP address of the agent.
To use the relevant schema in Log Analytics for the Cisco events, search for
Continue to STEP 3: Validate connectivity.
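To make concrete what arrives at the Syslog agent on port 514, the following added example (not part of the original article, and not the agent's own code) parses raw ASA Syslog lines into CEF-style header fields and checks that the syslog priority agrees with the `%ASA-<level>-<id>` tag. The sample lines are constructed, and the output field names are illustrative assumptions modeled on CEF header names, not the schema the agent writes.

```python
import re

# Constructed sample lines, as a Syslog agent would receive them on port 514.
SAMPLE_LINES = [
    "<166>Jan 10 2024 12:00:01 asa-fw01 : %ASA-6-302013: Built outbound TCP "
    "connection 1001 for outside:203.0.113.10/443 (203.0.113.10/443) "
    "to inside:10.0.0.5/51514 (198.51.100.2/51514)",
    "<164>%ASA-4-106023: Deny tcp src outside:203.0.113.77/4455 "
    "dst inside:10.0.0.8/22 by access-group \"outside_in\" [0x0, 0x0]",
    "<134>sshd[812]: Accepted publickey for admin",  # not from an ASA
]

PRI = re.compile(r"^<(\d{1,3})>")                   # syslog priority prefix
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}): (.*)$")  # %ASA-<level>-<id>: text


def parse_asa_syslog(line):
    """Return CEF-style fields for one ASA syslog line, or None if not ASA."""
    tag = ASA_TAG.search(line)
    if tag is None:
        return None
    severity, msg_id, text = int(tag.group(1)), tag.group(2), tag.group(3)
    record = {
        # Illustrative field names (assumption), after the CEF header slots.
        "DeviceVendor": "Cisco",
        "DeviceProduct": "ASA",
        "DeviceEventClassID": msg_id,
        "SyslogSeverity": severity,   # syslog level: 0 is most severe
        "Facility": None,
        "PriMatchesTag": None,
        "Message": text,
    }
    pri = PRI.match(line)
    if pri:
        value = int(pri.group(1))     # priority = facility * 8 + severity
        record["Facility"] = value >> 3
        record["PriMatchesTag"] = (value & 7) == severity
    return record


def parse_all(lines):
    """Parse every line, dropping the ones that carry no %ASA tag."""
    return [r for r in map(parse_asa_syslog, lines) if r is not None]


if __name__ == "__main__":
    for rec in parse_all(SAMPLE_LINES):
        print(rec)
```

A `PriMatchesTag` value of `False`, or a `Facility` the agent is not set to collect, is a quick sign that a relay between the appliance and the agent is rewriting messages.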
In this document, you learned how to connect Cisco ASA appliances to Azure Sentinel. To learn more about Azure Sentinel, see the following articles:
- Learn how to get visibility into your data, and potential threats.
- Get started detecting threats with Azure Sentinel.
- Use workbooks to monitor your data.
Give any user highly secure access to the enterprise network, from any device, at any time, in any location.
Cisco AnyConnect - Empower your employees to work from anywhere, on company laptops or personal mobile devices, at any time. AnyConnect simplifies secure endpoint access and provides the security necessary to help keep your organization safe and protected.
Gain more insight into user and endpoint behavior with full visibility across the extended enterprise. With AnyConnect's Network Visibility Module (NVM), you can defend more effectively and improve network operations.
Defend against threats, no matter where they are. For example, with Cisco Identity Services Engine (ISE), you can prevent noncompliant devices from accessing the network. And with Cisco Umbrella Roaming, you can extend protection when users are off the VPN.
Provide a consistent user experience across devices, both on and off premises, without creating a headache for your IT teams. Simplify management with a single agent.