cisco/asa Dashboards | Integrations | LogScale Documentation

Skip to content

LogScale Documentation Full Library Knowledge Base Release Notes Integrations Training API GraphQL API Contacting Support

cisco/asa Dashboards

Events

Widget	Description	Type
Source Ip Address	Displays a flow chart of source IP addresses by severity, class name, source host, and source address. Hide Query Show Query logscale `cisco_facility="ASA" \| host=?asaHost \| cisco_severity=?severity \| cisco_className=?classname \| sankey(source="host", target="src_addr")`	`Sankey`
Top 10 Attempted Access To Ports	Displays a list of the top 10 port access attempts. Hide Query Show Query logscale `host=?asaHost \| cisco_facility="ASA" \| cisco_mnemonic=710003 \| dst_port=?DestPort \| top(dst_port)`	`Pie Chart`
Cisco Secure Firewall ASA Series Syslog Messages	Displays a flow chart of Cisco Secure Firewall ASA syslog messages by host. Hide Query Show Query logscale `cisco_facility="ASA" \| sankey(source="host", target="cisco_mnemonic")`	`Sankey`
Connections Per Hour From Outside	Displays the number of connections per hour from outside sources in a 1 hour timespan. Hide Query Show Query logscale `src_location="outside" \| match(file="cisco/asa/asa_message_class.csv", field="cisco_classDefinition") \| timechart(span=1h)`	`Single Value`
Top 10 Destination Address	Displays a pie chart of the top 10 IP address destinations. Hide Query Show Query logscale `top(destination_ip, limit=10)`	`Pie Chart`
Number of ASA firewalls	Displays the number of ASA firewalls. Hide Query Show Query logscale `cisco_facility="ASA" \| count(field=host, distinct=true)`	`Single Value`
Event List	Displays a list of Cisco ASA events with timestamp, firewall, severity, class name, mnemonic, and message information. Hide Query Show Query logscale `cisco_facility="ASA" \| host=?asaHost \| cisco_severity=?severity \| cisco_className=?classname \| rename(host,as=Firewall) \| rename(cisco_severity,as=Severity) \| rename(cisco_className,as="Class name") \| rename(cisco_mnemonic,as=Mnemonic) \| rename(cisco_message,as=Message) \| select(["@timestamp",Firewall,Severity,"Class name",Mnemonic,Message])`	`Table`
Total Connection From Inside	Displays the number of total connections occurring from inside in a 1 hour timespan. Hide Query Show Query logscale `src_location="inside" \| match(file="cisco/asa/asa_message_class.csv", field="cisco_classDefinition") \| timechart(span=1h)`	`Single Value`
Failed By Cisco Class Name	Displays a table of failed Cisco events by class name. Hide Query Show Query logscale `groupBy(["cisco_severity","cisco_className"], function=(count(as="Count"))) \| rename(field="cisco_severity", as="Severity") \| rename(field="cisco_className", as="ClassName") \| select([Severity, ClassName, Count])`	`Table`
Top Source Ports	Displays a list of top source ports based on Cisco severity and escalation guidelines. Hide Query Show Query logscale `cisco_severity=?severity \| timechart("source_port")`	`Time Chart`
Total Accepted Connection	Displays a list of total accepted connections in a 1 hour timespan. Hide Query Show Query logscale `cisco_action = "Built" \| timechart(span=1h)`	`Single Value`
Top 10 Source Address	Displays a chart of the top 10 source IP addresses. Hide Query Show Query logscale `top("source_ip", limit=10)`	`Bar Chart`
ICMP Connction Denied	Displays a table of denied ICMP connections. Hide Query Show Query logscale `cisco_message="ICMP" \| groupBy(type, function=[]) \| rename(field="type", as="Type")`	`Table`
Events Per Firewall	Displays a table of events per firewall by severity, class, and number of events. Hide Query Show Query logscale `cisco_facility="ASA" \| cisco_severity=?severity \| cisco_className=?classname \| groupby(host) \| rename(host,as=Firewall) \| rename("_count",as="Number of events")`	`Table`
Severity Messages	Displays a chart of severity messages using Cisco data. Hide Query Show Query logscale `groupBy(cisco_severity)`	`Bar Chart`
Total Failed Connections	Displays a list of total failed connections in a one hour time span. Hide Query Show Query logscale `cisco_message="failed" \| timechart(span=1h)`	`Single Value`
Top 10 Messages	Displays a chart of top 10 ASA message classes and limits results to the first 10 entries. Hide Query Show Query logscale `cisco_facility="ASA" \| host=?asaHost \| cisco_severity=?severity \| cisco_className=?classname \| rename("cisco_classDefinition",as="ASA message classes") \| timechart("ASA message classes", limit=10)`	`Time Chart`
Cisco Action by Ports	Displays a list of Cisco actions by source port. Hide Query Show Query logscale `groupBy([source_port, cisco_action, outside, inside], function = []) \| rename(field="source_port", as="Source Port") \| rename(field="cisco_action", as="Cisco Action") \| select(["Source Port", "Cisco Action"])`	`Table`

Overview

Widget	Description	Type
Number Of Connections To Source	Displays a chart of the number of Cisco mnemonic source address connections and limits results to the first 10 entries. Hide Query Show Query logscale `cisco_mnemonic = 302013 \| top("src_addr", limit=10, rest=Other)`	`Bar Chart`
Source IP Address With City And Country Code	Displays the source IP address, then adds the city and country code and provides formatting. Hide Query Show Query logscale cisco_mnemonic = 710003 \| top("src_addr", limit=10, rest=Other, percent=true) \| ipLocation("src_addr") \| match(file="cisco/asa/country_codes.csv", column=Alpha2Code, field=src_addr.country) \| rename("_count",as="Event count") \| rename(src_addr.country,as=Country1) \| rename(CountryName,as=Country2) \| rename(src_addr.state,as="State/region") \| rename(src_addr.city,as=City) \| rename(src_addr,as="Source IP address") \| format("%,.1f", field=percent, as=Percent) \| select(["Source IP address", Country1, Country2, "State/region", City, "Event count", Percent])	`Table`
Number Of Events With Percentage	Displays a list of events defined by Cisco ASA by severity, class, percentage, etc. Hide Query Show Query logscale `cisco_facility="ASA" \| cisco_severity=?severity \| cisco_className=?classname \| top("cisco_classDefinition", rest=Other, percent=true) \| rename("cisco_classDefinition",as="ASA message classes") \| rename("_count",as="Number of events") \| format("%,.2f", field=percent, as=Percent) \| table(["ASA message classes", "Number of events", Percent])`	`Table`
ACL Block List	Displays a list of the source IP addresses and source ports of the ACL block list. Hide Query Show Query logscale `cisco_action="denied" \| top(field=[src_addr, src_port, dest_addr, service], as = "Count") \| ipLocation(field=src_addr) \| ioc:lookup("src_addr", type="ip_address") \| rename(src_addr, as = "Source Address") \| rename(src_port, as = "Source Port") \| select(["Source Address", "Source Port", "Count"])`	`Table`
Top 10 Attempted Access To Ports Table	Displays a list of the top 10 Cisco ASA ports that have had access attempted. Hide Query Show Query logscale `cisco_facility="ASA" \| cisco_mnemonic=710003 \| top(dst_port, as="Count") \| rename(dst_port, as = "Destination port") \| select(["Destination port", "Count"])`	`Table`
System Message Logging (Cisco Mnemonic)	Displays a flow chart of system message logging using Cisco Mnemonic data. Hide Query Show Query logscale `cisco_facility="ASA" \| cisco_severity=?severity \| cisco_className=?classname \| sankey(source="host", target="cisco_mnemonic")`	`Sankey`
Cisco Mnemonic	Displays a list of Cisco Mnemonic messages. Hide Query Show Query logscale `groupBy(cisco_mnemonic, function=(count(as="Count"))) \| rename(cisco_mnemonic, as = "Cisco mnemonic") \| select(["Cisco mnemonic", "Count"])`	`Table`
Cisco Severity Events Over Time	Displays a chart of Cisco ASA events and their severity level over time. Hide Query Show Query logscale `cisco_facility="ASA" \| cisco_severity=?severity \| cisco_className=?classname \| rename("cisco_severity_message",as="Severity levels") \| top("Severity levels")`	`Bar Chart`
ACL Blocks	Displays a world map of Access Control List blocks using source IP address data. Hide Query Show Query logscale `cisco_mnemonic=710003 \| worldMap(ip="src_addr")`	`World Map`
ICMP Connection Warning	Displays a table of ICMP connection warnings by type. Hide Query Show Query logscale `cisco_message="ICMP" \| groupBy(type, function=[]) \| rename(type, as = "Type")`	`Table`

Enter search term