
'Cisco ASA/FTD via AMA (Preview)' does not seem to be picking up Cisco FTD events from Syslog table

Open pawelCPS opened this issue 10 months ago • 6 comments

Issue: I believe this is related to 'Connector Cisco ASA/FTD via AMA does not work #7681', which has since been closed, but unless I'm missing something it appears as if the issue remains.

To Reproduce: Enable said connector and send this via syslog, e.g.:

%FTD-4-106023: Deny tcp src Outside:1.1.1.1/34802 dst Inside:2.2.2.2/853 by access-group "CSM_FW_ACL_" [0x97aa021a, 0x0]

Expected behaviour: FDE events are expected to land in CommonSecurityLog table.

Data connector version: 1.0.0

Additional information: https://github.com/Azure/Azure-Sentinel/issues/7681

pawelCPS avatar Apr 15 '24 13:04 pawelCPS
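
A small helper for the reproduction step in the opening post, added here as an example and not part of the issue or the Azure-Sentinel repository: it wraps the sample message in an RFC 3164 frame and sends it over UDP to a syslog collector. The hostname `ftd-test`, facility local4 (20) and the collector address are assumptions.

```python
import re
import socket
from datetime import datetime

# Message copied verbatim from the issue's "To Reproduce" step.
FTD_SAMPLE = ('%FTD-4-106023: Deny tcp src Outside:1.1.1.1/34802 dst '
              'Inside:2.2.2.2/853 by access-group "CSM_FW_ACL_" [0x97aa021a, 0x0]')

# Cisco message tag: %<product>-<severity>-<message id>:
CISCO_TAG = re.compile(r'^%(?P<product>ASA|FTD)-(?P<severity>[0-7])-(?P<msg_id>\d+):')


def parse_tag(message):
    """Return (product, severity, message id) from the leading Cisco tag."""
    m = CISCO_TAG.match(message)
    if m is None:
        raise ValueError('no %ASA-/%FTD- tag at start of message')
    return m['product'], int(m['severity']), m['msg_id']


def build_frame(message, hostname='ftd-test', facility=20, now=None):
    """Wrap the message in an RFC 3164 frame: <PRI>Mmm dd hh:mm:ss host msg.

    facility=20 (local4) and the hostname are assumptions for this test.
    The PRI severity is taken from the tag so header and body agree.
    """
    _, severity, _ = parse_tag(message)
    now = now or datetime.now()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f'{now:%b} {now.day:2d} {now:%H:%M:%S}'
    return f'<{facility * 8 + severity}>{stamp} {hostname} {message}'


def send_udp(frame, host, port=514):
    """Send one frame to the syslog collector; returns bytes sent."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(frame.encode('ascii'), (host, port))


if __name__ == '__main__':
    frame = build_frame(FTD_SAMPLE)
    print(frame)
    # 127.0.0.1 is a placeholder: point this at your own AMA forwarder.
    send_udp(frame, '127.0.0.1')
```

After sending, compare what arrives in the Syslog table with what arrives in CommonSecurityLog for the same time window.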

Hi @pawelCPS, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 25 Apr 2024. Thanks!

v-rusraut avatar Apr 18 '24 11:04 v-rusraut

Hi @pawelCPS, Please provide details of DCR for this. Thanks

v-rusraut avatar Apr 22 '24 12:04 v-rusraut

Hey @pawelCPS, We are waiting for your response on above comment. Thanks!

v-sudkharat avatar Apr 24 '24 09:04 v-sudkharat

> Hey @pawelCPS, We are waiting for your response on above comment. Thanks!

Hi @v-sudkharat, Appreciate you chasing for an update. I need to run this by my client as I don't have the contributor role in said Sentinel workspace and so am not able to deliver the required items to you. Once I have that I'll reach back out to you. Apologies for the delay!

pawelCPS avatar Apr 24 '24 09:04 pawelCPS

@pawelCPS, Noted. It would be great if you could share an updated date with us, so we can follow up with you on that. Thanks!

v-sudkharat avatar Apr 24 '24 09:04 v-sudkharat

Hi @pawelCPS, Please provide update on above comment. Thanks

v-rusraut avatar Apr 26 '24 07:04 v-rusraut

Hi @pawelCPS, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 02-05-2024, we will be closing this issue. Thanks!

v-rusraut avatar Apr 29 '24 14:04 v-rusraut

Hi @pawelCPS, since we have not received a response from you, we are closing this issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.

v-rusraut avatar May 03 '24 13:05 v-rusraut

> Hi @pawelCPS, since we have not received a response from you, we are closing this issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.

Hi @v-rusraut, apologies, I was away on holiday. I'd like to have this re-opened please. I'm chasing my client to provide you with the info you had requested. Hopefully I will have that for you in the next couple of days.

pawelCPS avatar May 13 '24 08:05 pawelCPS