1. Logsign Support Center
  2. Logsign Unified SecOps Platform
  3. Responses

Cisco ASA Response Integration via API

Updated

πŸ”Ή Configuring Cisco ASA API for Logsign USO Integration

 

To integrate Cisco ASA with Logsign USO via API, you must create a dedicated API user with the necessary permissions. This user will be responsible for executing security response actions, including:

βœ”οΈ Create Network Object (create-network-object)

βœ”οΈ Perform ASA Configuration Backup (asa-backup)

βœ”οΈ Restore ASA Configuration (asa-restore)

 

Once the user is created, you will enter the required details in Logsign USO under Settings > Responses, selecting Cisco ASA API and filling in the fields shown in the provided image.

 

πŸ”Ή Step 1: Creating an API User on Cisco ASA

 

The API user must be configured with the necessary privileges to execute administrative actions.

 

1.1 Creating the User via Cisco ASA Web Interface (ASDM UI)

         1. Log in to Cisco ASDM (Adaptive Security Device Manager).

         2. Navigate to Configuration β†’ Device Management β†’ Users/AAA β†’ User Accounts.

         3. Click Add and enter the following details:

Β·   Username: logsign_api_user

Β·   Password: (Set a strong password and store it securely)

Β·   Privilege Level: 15 (To allow full execution of API commands)

         4. In the User Role Configuration section, assign the following permissions:

Β·   β€œSecurity Administrator” β†’ (Allows creating network objects)

Β·   β€œSystem Administrator” β†’ (Allows system-wide configuration actions, including backups and restores)

Β·   β€œAPI Access” β†’ (Enables API interaction)

         5. Click OK β†’ Apply to save the changes.

 

1.2 Creating the API User via Cisco ASA CLI (Command Line)

 

Alternatively, the user can be created via the Cisco ASA CLI with the following commands:

 

conf t

username logsign_api_user password YOUR_SECURE_PASSWORD privilege 15

privilege exec level 15 rest-api

privilege exec level 15 configure terminal

privilege exec level 15 show running-config

privilege exec level 15 copy running-config startup-config

privilege exec level 15 backup

privilege exec level 15 restore

exit

write memory

 

πŸ”Ή Explanation of the commands:

  • username logsign_api_user password YOUR_SECURE_PASSWORD privilege 15 β†’ Creates a user with full privileges.
  • privilege exec level 15 rest-api β†’ Grants access to the ASA REST API.
  • privilege exec level 15 configure terminal β†’ Allows the user to modify configurations.
  • privilege exec level 15 show running-config β†’ Grants permission to view the ASA configuration.
  • privilege exec level 15 copy running-config startup-config β†’ Allows backup creation.
  • privilege exec level 15 backup β†’ Enables ASA backup operations.
  • privilege exec level 15 restore β†’ Grants permission to restore configurations.
  • write memory β†’ Saves the configuration.

 

πŸ”Ή Step 2: Enabling API Services on Cisco ASA

 

By default, API access may not be enabled on Cisco ASA. To ensure that Logsign USO can communicate with the firewall, enable the ASA REST API service.

 

Enable API via CLI

 

conf t

rest-api agent

http server enable

http 192.168.1.100 255.255.255.255 inside

exit

write memory

 

πŸ”Ή Explanation:

  • rest-api agent β†’ Enables the API service.
  • http server enable β†’ Activates the ASA web server (required for API).
  • http 192.168.1.100 255.255.255.255 inside β†’ Allows API access from the SIEM server’s IP address.
  • write memory β†’ Saves the changes.

 

πŸ”Ή Step 3: Assigning the User to Logsign USO

 

Once the API user is created and API access is enabled, enter the details into Logsign USO to complete the integration.

  1. Log in to Logsign USO.
  2. Navigate to Settings > Responses.
  3. Select Cisco ASA API as the response method.
  4. Fill in the required fields using the API user credentials:

Β·   Device Name: (Custom identifier for the ASA firewall in Logsign USO)

Β·   Host: (Cisco ASA IP address or hostname)

Β·   Username: logsign_api_user

Β·   Password: (Password created for the user)

Β·   Port: 443 (Default API port)

5.          Click β€œCreate” to save the configuration.




βœ… Summary

  • A new API user was created with full administrative privileges to execute create-network-object, asa-backup, and asa-restore actions.
  • API access was enabled on Cisco ASA, allowing secure communication with Logsign USO.
  • The credentials were entered into Logsign USO, enabling the automation of firewall tasks.

 

πŸš€ Cisco ASA is now fully integrated with Logsign USO via API!

Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.