You are here
SEC0177 - ASA FirePower Event Correlation and Remediation (Part 2)
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
The video demonstrates Cisco ASA FirePower capability to correlate system events and generate appropriate remediation responses. We will go through two example scenarios; one with a basic event matching and responding, and the other continues to track the connection and apply a more complex conditions before issuing response. Specifically, we will configure NMAP scan and IP shun remediations.
Part 2 of this video goes through the second scenario to shun user that transfer a file larger than 1MB via FTP
Topic:
- Correlation Policy and Rules
- Correlation Rule Event Conditions
- Connection Tracking
- Remediation Response and Response Group
- Remediation with NMAP Scan and Firewall Shun
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.