[cisco_asa] sync with beats cisco module #2820

Merged
merged 7 commits into from
Mar 16, 2022
11 changes: 11 additions & 0 deletions packages/cisco_asa/changelog.yml
@@ -1,4 +1,15 @@
# newer versions go on top
- version: "2.2.0"
changes:
- description: Add community_id processor, update 805001, 304001, 106023 and 602304 message parsing. elastic/beats#26879
type: enhancement
link: https://github.com/elastic/integrations/pull/2820
- description: Add user.name field to ASA Security negotiation log line. elastic/beats#26975
type: enhancement
link: https://github.com/elastic/integrations/pull/2820
- description: Change event.outcome and event.type handling to be more ECS compliant. elastic/beats#29698
type: enhancement
link: https://github.com/elastic/integrations/pull/2820
- version: "2.1.0"
changes:
- description: Add parsing for event code 113029-113040
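Review bot: the third 2.2.0 entry ("Change event.outcome and event.type handling to be more ECS compliant") does not say which values change, and it is filed as type: enhancement. Saved searches, dashboards and detection rules that filter on the previous event.outcome or event.type values for ASA events can stop matching after an upgrade without raising any error, so please name the affected values or message IDs in the description and consider whether this entry should be flagged as a breaking change. The first entry also folds the community_id processor and four message-ID parsing updates into a single line; splitting them would make each easier to trace back to elastic/beats#26879.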
Expand Up @@ -17,7 +17,7 @@ May 5 18:29:32 dev01: %ASA-6-302020: Built inbound ICMP connection for faddr 10
May 5 18:29:32 dev01: %ASA-6-302020: Built outbound ICMP connection for faddr 10.10.10.10/0 gaddr 81.2.69.144/0 laddr 192.168.2.2/0 type 3 code 3
May 5 18:29:32 dev01: %ASA-6-302014: Teardown TCP connection 2960892904 for out111:10.10.10.10/443 to fw111:192.168.2.2/55225 duration 0:00:00 bytes 0 TCP Reset-I
May 5 18:29:32 dev01: %ASA-6-302013: Built outbound TCP connection 1588662 for intfacename:192.168.2.2/80 (81.2.69.144/80) to net:10.10.10.10/54839 (81.2.69.144/54839)
May 5 18:29:32 dev01: %ASA-6-302012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00
May 5 18:29:32 dev01: %ASA-6-305012: Teardown dynamic UDP translation from fw111:10.10.10.10/54230 to out111:192.168.2.2/54230 duration 0:00:00
May 5 18:40:50 dev01: %ASA-4-313004: Denied ICMP type=0, from laddr 10.10.10.10 on interface fw502 to 192.168.2.2: no matching session
May 5 18:40:50 dev01: %ASA-6-305011: Built dynamic TCP translation from fw111:10.10.10.10/57006 to out111:192.168.2.2/57006
May 5 18:40:50 dev01: %ASA-2-106001: Inbound TCP connection denied from 192.168.2.2/43803 to 10.10.10.10/14322 flags SYN on interface out111
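Review bot: with the "Teardown dynamic UDP translation" sample renumbered from 302012 to 305012, the expected output for this log file has to be regenerated in the same change, and that file is not visible here. The new ID is consistent with the 305011 "Built dynamic TCP translation" line two lines below, but the fixture now exercises a different parsing branch than before, so please also confirm that no 302012 handling in the pipeline relied on this line for its only test coverage.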
Expand Down Expand Up @@ -83,3 +83,11 @@ Apr 27 2020 02:03:03 dev01: %ASA-6-713904: All IPSec SA proposals found unaccept
Apr 27 2020 02:03:03 dev01: %ASA-6-713903: IP = 192.168.1.1, All IPSec SA proposals found unacceptable!
Apr 27 2020 02:03:03 dev01: %ASA-6-713902: Group = 100.60.140.10, All IPSec SA proposals found unacceptable!
Apr 27 2020 02:03:03 dev01: %ASA-6-713901: Group = 100.60.140.10, IP = 192.168.1.1, All IPSec SA proposals found unacceptable!
Apr 27 02:03:03 dev01: %ASA-5-713049: Group = 100.60.140.10, Username = test_user, IP = 81.2.69.143, Security negotiation complete for User (test_user) Responder, Inbound SPI = 0x0000000, Outbound SPI = 0x0000000
Apr 27 2020 02:03:03 dev01: %ASA-4-106023: Deny protocol 47 src outside:81.2.69.144 dst inside:172.31.98.44 by access-group "inbound"
Apr 27 2020 02:03:03 dev01: %ASA-4-106023: Deny icmp src OUTSIDE:2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 dst OUTSIDE:2a02:cf40:add:4002:91f2:a9b2:e09a:6fc6 (type 128, code 0) by access-group "OUTSIDE_in"
Apr 27 2020 02:03:03 dev01: %ASA-4-302016: Teardown UDP connection 123364823 for OUTSIDE:67.43.156.13/500 to identity:216.160.83.61/500 duration 92:24:20 bytes 4671944
May 5 19:02:25 dev01: %ASA-4-733100: [ Scanning] drop rate-2 exceeded. Current burst rate is 0 per second, max configured rate is 8; Current average rate is 5 per second, max configured rate is 4; Cumulative total count is 19269
May 5 19:02:25 dev01: %ASA-4-733100: [ 192.168.0.1] drop rate-1 exceeded. Current burst rate is 0 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 6018
May 5 19:02:25 dev01: %ASA-4-733100: [ Port-5432 5432] drop rate-1 exceeded. Current burst rate is 8 per second, max configured rate is 10; Current average rate is 20 per second, max configured rate is 5; Cumulative total count is 12466
May 5 19:02:25 dev01: %ASA-4-733100: [ RDP 3389] drop rate-1 exceeded. Current burst rate is 63 per second, max configured rate is 10; Current average rate is 5 per second, max configured rate is 5; Cumulative total count is 3054
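Review bot: the new 713049 sample carries the same value in both "Username = test_user" and "User (test_user)", so the test cannot show which of the two occurrences populates user.name; a sample where they differ, or a comment naming the source capture group, would pin that down. Two smaller points in the same hunk: the 713049 and 733100 lines use the year-less timestamp while the other added lines include 2020, which is fine if it is meant as coverage of both formats, and the 302016 line is logged as %ASA-4 while the 3020xx samples earlier in the file are %ASA-6, so please confirm that severity comes from a real capture.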