How ASA Events are Displayed in Security Cloud Control

This diagram describes how ASA devices share syslog and NSEL events with Security Cloud Control.

Figure: How ASA events are displayed in Security Cloud Control

Step 1. You configure the ASA to forward syslog and NSEL events to any one of your Secure Event Connectors as if they were syslog servers, and enable logging on the device.

   Syslog events and NSEL events are generated when logging is enabled on the ASA and network traffic matches access control rule criteria. The ASA device forwards the syslog and NSEL events to the configured Secure Event Connector.

Step 2. The Secure Event Connector forwards the events to Security Services Exchange.

Step 3. Security Services Exchange aggregates the event data from all the ASA devices, converts it to JSON format, and sends it to Security Analytics and Logging for storage.

Step 4. Security Analytics and Logging processes the event data using various services to classify and enrich it for use by Security Cloud Control.

Step 5. Security Cloud Control stores the event data in the cloud data store. Security Cloud Control queries the stored data to provide SOC analysts with the relevant information.
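To make the syslog-to-JSON conversion in step 3 concrete, the following added example (not Cisco's code and not part of the original page) parses ASA syslog lines, including message 106100 that an access rule with logging enabled produces, into JSON-ready records. The JSON key names are illustrative assumptions rather than the schema Security Services Exchange uses, and the sample lines are constructed.

```python
import json
import re

# ASA syslog header: %ASA-<severity>-<message number>: <text>
ASA_HEADER = re.compile(r"%ASA-(?P<severity>[0-7])-(?P<message_id>\d{6}): (?P<text>.*)")
# Body of message 106100, logged when traffic hits an access rule that has logging on.
ACL_HIT = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) (?P<protocol>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[^(\s]+)\((?P<src_port>\d+)\)(?:\([^)]*\))? -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[^(\s]+)\((?P<dst_port>\d+)\)(?:\([^)]*\))? "
    r"hit-cnt (?P<hit_count>\d+)"
)

def asa_syslog_to_event(line):
    """Return a dict for one ASA syslog line, or None if it has no %ASA header."""
    header = ASA_HEADER.search(line)
    if header is None:
        return None
    # Key names are illustrative assumptions, not the Security Services Exchange schema.
    event = {"severity": int(header["severity"]), "message_id": header["message_id"],
             "raw": header.group(0)}
    if event["message_id"] == "106100":
        hit = ACL_HIT.match(header["text"])
        if hit is None:
            event["parse_error"] = "unexpected 106100 layout"  # keep raw, flag it
        else:
            fields = hit.groupdict()
            for key in ("src_port", "dst_port", "hit_count"):
                fields[key] = int(fields[key])
            event.update(fields)
    return event

def convert(lines):
    return [e for e in map(asa_syslog_to_event, lines) if e is not None]

# Constructed sample lines using documentation address ranges, not captured traffic.
SAMPLE_LINES = [
    "<166>Jan 10 2025 12:00:01 asa-edge : %ASA-6-106100: access-list OUTSIDE_IN permitted tcp "
    "outside/198.51.100.7(51514) -> dmz/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "<164>Jan 10 2025 12:00:02 asa-edge : %ASA-4-106100: access-list OUTSIDE_IN denied udp "
    "outside/203.0.113.9(5353) -> inside/192.0.2.20(53) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]",
    "<166>Jan 10 2025 12:00:03 asa-edge : %ASA-6-302013: Built inbound TCP connection 42 for "
    "outside:198.51.100.7/51514 (198.51.100.7/51514) to dmz:192.0.2.10/443 (192.0.2.10/443)",
    "kernel: unrelated line without an ASA header",
]

if __name__ == "__main__":
    for event in convert(SAMPLE_LINES):
        print(json.dumps(event, sort_keys=True))
```

Messages other than 106100 keep only their severity, message number and raw text, so a record that fails to parse is still stored and searchable rather than dropped.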