Collecting IP addresses for Cisco ASA Teardown TCP connection events

If you want IBM QRadar to collect IP addresses for Teardown TCP connection events from Cisco Adaptive Security Appliance (ASA), use the DSM Editor.

Procedure

  1. On the Admin tab, in the Data Sources section, click DSM Editor.
  2. From the Select Log Source Type window, select Cisco Adaptive Security Appliance (ASA) from the list, and then click Select.
  3. Click the Configuration tab, and then set Display DSM Parameters Configuration to on.
  4. Set Teardown IP Connection to on.
  5. Click Save, and then close the DSM Editor.