Date        Changes

2022-07-07  Enhancement
            - Removed is_alert where product_event_type is one of 430002, 430003, 313005 or 419002.
            - Added is_alert where product_event_type is 430005.

2022-06-27  Mapped the following previously unparsed events:
            - [1:1000171:1] (Nmap), [122:1:1] (Portscan), [122:2:1] (Portscan), [122:8:1] (Portscan), [122:19:1] (Portsweep), [122:21:1] (Portscan), [122:22:1] (Portscan), [122:23:1] (Portsweep), [122:24:1] (Portscan), [122:7:1] (Portsweep), LOGSTASH[-].
            - Mapped "category" to "security_result.threat_name" where eventId is "http_inspect".
            - Mapped "category" to "security_result.threat_name" where eventId is "0" and product is "SFIMS".
            - Mapped "Classification" to "security_result.threat_name" where eventId is "430001".
            - Mapped "DeviceUUID" to "" where eventId is "430001".

2022-06-09  Bug fix
            - Added a new field mapping: ACPolicy is mapped to "security_result.rule_labels".
            - Removed the field name from the "security_result.confidence_details" value (the value no longer carries its source key as a prefix).
            - Removed the field name from the "security_result.rule_name" value.

2022-05-20  Bug fix: fixed an error where SFIMS product logs were not being parsed.

2022-05-05  Enhancement: moved customer-specific parser logic into the default parser and fixed an incorrectly parsed metadata.event_timestamp.

2022-04-22  Enhancement: fixed an incorrectly parsed metadata.event_timestamp.

2022-04-13  Enhancement: mapped metadata.event_timestamp correctly for some previously unparsed logs.

2022-04-04  Enhancement: mapped the zone, interface, policy, user, byte-count, URL category and URL reputation fields.

2022-03-22  Enhancement: mapped the IngressZone, EgressZone, Priority, GID, SID, Revision and IntrusionPolicy fields.
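The mapping rules recorded in this changelog, as an added Python example that is not part of the parser or of this page: it reads constructed Cisco FTD key/value syslog lines and Snort/SFIMS signature lines, applies the is_alert rule of 2022-07-07, maps Classification to security_result.threat_name and ACPolicy to security_result.rule_labels, keeps only the value (never the key) in security_result.rule_name, and carries GID/SID/Revision, Priority and the zone/URL fields. The FTD key names, the security_result.detection_fields container used for those carried fields, the choice of AccessControlRuleName and Message as rule_name and description sources, the product_event_type "0" for signature-only lines, and the is_alert fallback for event types the changelog does not list are all assumptions; the sample lines are constructed, not captured from a device.

```python
import re

# is_alert rules stated in the 2022-07-07 changelog entries.
ALERT_EVENT_TYPES = {"430005"}
NON_ALERT_EVENT_TYPES = {"430002", "430003", "313005", "419002"}

# Assumed FTD syslog layout: "%FTD-<severity>-<event id>: Key: value, Key: value, ..."
FTD_RE = re.compile(r"%FTD-\d-(\d+):\s*(.*)$")
KV_RE = re.compile(r"(\w+): (.*?)(?=, \w+: |$)")
# Snort / SFIMS layout: '[GID:SID:Revision] "rule name" [Classification: x] [Priority: n]'
SIG_RE = re.compile(r"\[(\d+):(\d+):(\d+)\]")
QUOTED_RE = re.compile(r'"([^"]*)"')
BRACKET_RE = re.compile(r"\[(Classification|Priority): ([^\]]*)\]")

# FTD keys copied verbatim into the (assumed) detection_fields container.
CONTEXT_KEYS = ("GID", "SID", "Revision", "Priority", "IngressZone", "EgressZone",
                "IngressInterface", "EgressInterface", "IntrusionPolicy", "User",
                "InitiatorBytes", "ResponderBytes", "URLCategory", "URLReputation")


def is_alert(event_type, has_signature):
    """Changelog rule: 430005 is an alert, the four listed types are not.
    Assumption for every other type: an event carrying a Snort signature
    (GID:SID) is an IPS alert, anything else is not."""
    if event_type in ALERT_EVENT_TYPES:
        return True
    if event_type in NON_ALERT_EVENT_TYPES:
        return False
    return has_signature


def to_udm(line):
    """Map one syslog line to a flat dict keyed by UDM path.
    Targets named in the changelog: security_result.threat_name (Classification),
    security_result.rule_labels (ACPolicy), security_result.rule_name.
    security_result.detection_fields is an assumed home for GID/SID/zone fields."""
    udm = {"security_result.detection_fields": {}}
    det = udm["security_result.detection_fields"]

    m = FTD_RE.search(line)
    if m:
        event_type, body = m.group(1), m.group(2)
        # Values only: the source key never leaks into a UDM value (2022-06-09 fix).
        fields = {k: v.strip('"') for k, v in KV_RE.findall(body)}
        udm["metadata.product_name"] = "FTD"
        udm["metadata.product_event_type"] = event_type
        if "AccessControlRuleName" in fields:       # assumed rule_name source
            udm["security_result.rule_name"] = fields["AccessControlRuleName"]
        if "Message" in fields:                     # assumed description source
            udm["security_result.description"] = fields["Message"]
        if "Classification" in fields:              # 430001 mapping (2022-06-27)
            udm["security_result.threat_name"] = fields["Classification"]
        if "ACPolicy" in fields:                    # rule_labels mapping (2022-06-09)
            udm["security_result.rule_labels"] = {"ACPolicy": fields["ACPolicy"]}
        for key in CONTEXT_KEYS:
            if key in fields:
                det[key] = fields[key]
        udm["is_alert"] = is_alert(event_type, "SID" in fields)
        return udm

    sig = SIG_RE.search(line)
    if sig:
        det["GID"], det["SID"], det["Revision"] = sig.groups()
        udm["metadata.product_name"] = "SFIMS" if line.startswith("SFIMS") else "Snort"
        udm["metadata.product_event_type"] = "0"   # assumption for signature-only lines
        quoted = QUOTED_RE.search(line)
        udm["security_result.rule_name"] = (quoted.group(1) if quoted
                                            else line[sig.end():].split("[")[0].strip())
        for key, val in BRACKET_RE.findall(line):
            if key == "Classification":             # Snort category -> threat_name
                udm["security_result.threat_name"] = val
            else:
                det["Priority"] = val
        udm["is_alert"] = is_alert("0", True)
        return udm

    raise ValueError("unparsed event: " + line)


# Constructed sample lines (not captured from a real device).
SAMPLES = [
    '%FTD-1-430001: EventPriority: High, DeviceUUID: 11111111-2222-3333-4444-555555555555, '
    'SrcIP: 10.1.1.5, DstIP: 10.2.2.9, SrcPort: 51234, DstPort: 80, Protocol: tcp, '
    'IngressZone: inside, EgressZone: outside, ACPolicy: Corp-ACP, '
    'AccessControlRuleName: Allow-Web, Priority: 2, GID: 1, SID: 1000171, Revision: 1, '
    'Message: "Nmap ping scan", Classification: Attempted Information Leak, '
    'IntrusionPolicy: Balanced',
    '%FTD-6-430003: DeviceUUID: 11111111-2222-3333-4444-555555555555, '
    'AccessControlRuleAction: Allow, SrcIP: 10.1.1.5, DstIP: 10.2.2.9, SrcPort: 51234, '
    'DstPort: 443, Protocol: tcp, IngressZone: inside, EgressZone: outside, '
    'ACPolicy: Corp-ACP, InitiatorBytes: 1024, ResponderBytes: 4096, '
    'URLCategory: Business, URLReputation: Benign',
    '%FTD-1-430005: DeviceUUID: 11111111-2222-3333-4444-555555555555, SrcIP: 10.1.1.5, '
    'DstIP: 10.2.2.9, FileName: invoice.exe, Disposition: Malware',
    'SFIMS: [1:1000171:1] "Nmap ping scan" [Classification: Attempted Information Leak] '
    '[Priority: 2] {ICMP} 10.1.1.5 -> 10.2.2.9',
    '[**] [122:1:1] (portscan) TCP Portscan [**] [Priority: 3] {PROTO:255} 10.1.1.5 -> 10.2.2.9',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(to_udm(sample))
```

Running the block prints one mapped dict per sample; the connection-end event (430003) comes out with is_alert False while the intrusion (430001), malware (430005) and both signature lines come out True. Any line matching neither layout raises ValueError, which is the place to add a mapping when a new unparsed event type turns up.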