Change log for CISCO_ASA_FIREWALL
Date | Changes |
---|---|
2024-10-09 | - Added support for message number 313005 and 710003 for action field to security_result.action = "BLOCK".
|
2024-08-16 | - Added support for "cisco_message_number" 302014 for "security_result.action_details" as "Teardown TCP connection".
|
2024-06-13 | - Updated Grok pattern for "cisco_message_number" 721018.
- Added support for "cisco_message_number" 317078. |
2024-04-24 | Updated Grok pattern for "cisco_message_number" 713016, 212005. |
2023-12-15 | Updated Grok pattern for "cisco_message_number" 302014, 302015, and 302016. |
2023-12-13 | Updated the Grok pattern to handle unparsed logs issue. |
2023-11-29 | Aligned "principal/target.hostname" and "principal/target.asset.hostname" mapping. |
2023-09-06 | - Updated Grok pattern for "cisco_message_number" 302013.
|
2023-08-09 | - Updated Grok pattern for "cisco_message_number" 302014, 302015, and 302016.
|
2023-06-14 | Updated the parser to include "parse_network_http_user_agent" to use "Parsed User Agent" and "User Agent". |
2023-05-17 | - Added support for logs with '<' and '>' characters where 'cisco_message_number=722051'.
|
2023-05-02 | - Updated mapping for the "ori_src_ip" and "ori_dst_ip" fields.
|
2023-03-29 | Changed validation for NETWORK_CONNECTION event. - Extracted "asa_device_ip" from syslog header and mapped it to "observer.ip". - Changed mapping of user IP address from "target.ip" to "principal.ip" for cisco_message_number=113015. - Updated Grok pattern for cisco_message_number=402116, 402119, 419003, 713025,713034,104002. - Added Grok pattern for cisco_message_number=713024, 210007. |
2022-12-20 | Enhancement - Updated the Grok pattern for cisco_message_number=113005, 737026. - Added new Grok pattern for cisco_message_number=109201. - Mapped metadata.event_type as USER_UNCATEGORIZED when principal.user.userid is not null. - Mapped metadata.event_type as STATUS_UNCATEGORIZED when principal.ip is not null. |
2022-10-12 | Bugfix - Added new Grok pattern for cisco_message_number=302015 for outbound connection. |
2022-09-28 | Promoted CISCO_ASA_FIREWALL parser to default. As part of promotion
customer's symlink are also being removed. For the field mapping differences, see field mapping changes |