🔹 Creating a Cisco ASA User Logsign USO Integration
To successfully integrate Cisco ASA with Logsign USO, you need to create a dedicated user account on Cisco ASA with the appropriate permissions to allow the system to execute response actions such as:
✔️ Block IP (block-ip)
✔️ Unblock IP (unblock-ip)
✔️ Terminate Session (terminate-session)
After creating the user, you will enter the required details in Logsign USO under Settings > Responses, selecting Cisco ASA and filling in the fields shown in the provided image.
🔹 Step 1: Creating the User Account on Cisco ASA
The user account must be created with sufficient privileges to allow security actions.
1.1 Creating the User via Cisco ASA Web Interface (ASDM UI)
Log in to Cisco ASDM (Adaptive Security Device Manager).
Navigate to Configuration → Device Management → Users/AAA → User Accounts.
Click Add and enter the following details:
- Username: logsign_uso_user
- Password: (Set a secure password and store it safely)
- Privilege Level: 15 (To allow full execution of security actions)
In the User Role Configuration section, assign the following permissions:
- “Security Administrator” → (Allows blocking/unblocking IPs and terminating sessions)
- “Network Operator” → (Allows managing network configurations)
- “Monitor” → (Allows visibility into logs and security events)
Click OK → Apply to save the changes.
1.2 Creating the User via Cisco ASA CLI (Command Line)
Alternatively, you can create the user through the CLI by running the following commands:
conf t
username logsign_uso_user password YOUR_SECURE_PASSWORD privilege 15
privilege exec level 15 clear conn
privilege exec level 15 show conn
privilege exec level 15 configure terminal
privilege exec level 15 access-list
privilege exec level 15 no access-list
exit
write memory
🔹 Explanation of the commands:
- username logsign_uso_user password YOUR_SECURE_PASSWORD privilege 15 → Creates a user with full administrative privileges.
- privilege exec level 15 clear conn → Grants permission to terminate sessions.
- privilege exec level 15 show conn → Allows the user to view active connections.
- privilege exec level 15 access-list → Grants permission to create firewall rules for blocking/unblocking IPs.
- write memory → Saves the configuration.
🔹 Step 2: Assigning the User to Logsign USO
Once the user is created, you need to enter the details into Logsign USO to complete the integration.
Log in to Logsign USO.
Navigate to Settings > Responses.
Select Cisco ASA as the response method.
Fill in the fields using the credentials of the created user:
- Device Name: (Custom identifier for the ASA firewall in Logsign USO)
- Host: (Cisco ASA IP address or hostname)
- Username: logsign_uso_user
- Password: (Password created for the user)
- Enable Password: (Enter the enable password)
- Port: 514 (Default Syslog port)
Click “Create” to save the configuration.
âś… Summary
A new user account was created on Cisco ASA with full privileges for security responses.
The user was assigned permissions to manage network objects, firewall rules, and terminate sessions.
The credentials were entered into Logsign USO under Settings > Responses to enable response actions.
🚀 Your Cisco ASA is now ready for automated security actions through Logsign USO!