Cisco Security Appliances
To integrate IBM® QRadar® Risk Manager with your network devices, ensure that you review the requirements for the Cisco Security Appliances adapter.
- Neighbor data support
- Static NAT
- SNMP discovery
- EIGRP and OSPF dynamic routing
- Static routing
- IPSEC tunneling
- Telnet and SSH connection protocols
The Cisco Security Appliances adapter collects device configurations by backing up Cisco family devices. The Cisco Security Appliances adapter supports the following firewalls:
- Cisco Adaptive Security Appliances (ASA) 5500 series
- Firewall Service Module (FWSM)
- Module in a Catalyst chassis
- Established Private Internet Exchange (PIX) device.
The following table describes the integration requirements for the Cisco Security Appliances adapter.
Integration requirement |
Description |
---|---|
Versions |
ASA: 8.2 to 9.13 |
Minimum User Access Level |
privilege level 5 You can back up devices with privilege level 5 access level. For example, you can configure a level 5 user that uses local database authentication by running the following commands:
|
SNMP discovery |
Matches PIX or Adaptive Security Appliance or Firewall Service Module in SNMP sysDescr. |
Required credential parameters To add credentials in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab. |
Username Password Enable Password You can specify the enable level of the user that you configure to access the ASA device from QRadar Risk Manager. For example, use the enable username of level-5 to make the adapter run enable 5 to enter privileged mode, instead of the higher level enable mode. |
Supported connection protocols To add protocols in QRadar, log in as an administrator and use Configuration Monitor on the Risks tab. |
Use any one of the following supported connection protocols: Telnet SSH SCP |
Required commands that the adapter requires to log in and collect data |
The The The The |