Collecting IP addresses for Cisco ASA Teardown TCP connection events
If you want IBM
QRadar to collect IP addresses for Teardown TCP collection events from Cisco Adaptive Security Appliance
(ASA), use the DSM Editor.
Procedure
- On the Admin tab, in the Data Sources section, click DSM Editor.
- From the Select Log Source Type window, select Cisco Adaptive Security Appliance (ASA) from the list, and then click Select.
- Click the Configuration tab, and then set Display DSM Parameters Configuration to on.
- Set Teardown IP Connection to on.
- Click Save and then close the DSM Editor.