About Security Analytics and Logging (SAL SaaS) for the ASA

Security Analytics and Logging (SaaS) allows you to capture all syslog events and Netflow Secure Event Logging (NSEL) from your ASA and view them in one place in Security Cloud Control.

The events are stored in the Cisco cloud and viewable from the Event Logging page in Security Cloud Control where you can filter and review them to gain a clear understanding of what security rules are triggering in your network. The Logging and Troubleshooting package gives you these capabilities.

With the Logging Analytics and Detection package (formerly Firewall Analytics and Logging package), the system can apply Secure Cloud Analytics dynamic entity modeling to your FTD events, and use behavioral modeling analytics to generate Secure Cloud Analytics observations and alerts. If you obtain a Total Network Analytics and Monitoring package, the system applies dynamic entity modeling to both your FTD events and your network traffic, and generates observations and alerts. You can cross-launch from Security Cloud Control to a Secure Cloud Analytics portal provisioned for you, using Cisco Single Sign-On.

Licensing

To configure this solution you need the following accounts and licenses:

• Security Cloud Control: You must have a Security Cloud Control tenant.

• Secure Device Connector: There is no separate license for a Secure Device Connector.

• Secure Event Connector: There is no separate license for a Secure Event Connector.

• Secure Logging Analytics (SaaS): See Security Analytics and Logging Licenses.

• Adaptive Security Appliance (ASA): Base license or higher.

Next Step

Go to Implementing Secure Logging Analytics (SaaS) for ASA Devices