Cisco ASA firewalls and AnyConnect - Learn more about collecting Cisco ASA firewall and AnyConnect VPN logs using a Syslog Collector applet and content pack integration in Cortex XDR. - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR 5.x Documentation
Product
Cortex XDR
License
XDR + Cloud
Creation date
2025-07-13
Last date published
2026-06-04
Category
Administrator Guide
Abstract

Learn more about collecting Cisco ASA firewall and AnyConnect VPN logs using a Syslog Collector applet and content pack integration in Cortex XDR.

You can configure collecting Cisco ASA firewall and AnyConnect VPN logs using a Broker VM Syslog Collector applet or with a content pack integration:

Cisco ASA firewalls and AnyConnect vendor

Description

Syslog Collector applet overview

If you use Cisco ASA firewalls or Cisco AnyConnect VPN, you can forward Cisco ASA firewall and AnyConnect VPN logs to Cortex XDR using the Broker VM Syslog Collector applet in a CISCO format.

Link to Syslog Collector applet instructions

Ingest logs from Cisco ASA firewalls and AnyConnect

Link to content pack/integration instructions

The Cisco ASA content pack interacts with the Cisco Adaptive Security Appliance Software via an API to manage interfaces, rules, and network objects. The content pack includes the following integration:

  • Cisco Adaptive Security Appliance Software: Use this integration to manage interfaces, rules, and network objects on the Cisco Adaptive Security Appliance Software platform. This integration includes commands for listing and managing network object groups, local user groups, local users, time ranges, security object groups, user objects, interface information, configuration backup, and creating, listing, getting, editing, and deleting firewall rules, along with the command to save the running configuration to memory (cisco-asa-write-memory).