
Cisco ASA Parser for Syslog

Open ZLT-ops opened this issue 3 years ago • 12 comments

Is your feature request related to a problem? Please describe. Currently I haven't found any parser that matches the Cisco ASA syslog.

Describe the solution you'd like A query that will parse all the fields.

Describe alternatives you've considered I tried to start writing one myself but got stuck trying to see all the possible fields.

ZLT-ops avatar Dec 25 '21 20:12 ZLT-ops

Thank you for submitting an Issue to the Azure Sentinel GitHub repo! You should expect an initial response to your Issue from the team within 5 business days. Note that this response may be delayed during holiday periods. For urgent, production-affecting issues please raise a support ticket via the Azure Portal.

github-actions[bot] avatar Dec 25 '21 20:12 github-actions[bot]

Hi, thank you for submitting this issue. The Cisco ASA connector is quite limited and based on several pre-built regexes that require an exact match for full parsing to happen. Currently, full support is available for a small number of events. This event seems to be of ID 4-106100, while we only support 6-106100. We are currently working on a new connector for the Cisco ASA with a new workflow supporting more events; we'll make sure to add this one to the list considered for parsing.

kochavis avatar Jan 10 '22 13:01 kochavis
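An added KQL example (not code from the Azure-Sentinel repo or from any comment in this thread) of the fix kochavis's comment points at: match the ASA message ID independently of the severity digit, so that %ASA-4-106100 and %ASA-6-106100 both reach the same field extraction. It assumes the standard Sentinel Syslog table columns (SyslogMessage, Computer, TimeGenerated) and the documented 106100 layout without the optional identity-firewall user fields; the field names after the header are my own.

```kql
// Added example, not part of the original issue or the repo's parsers.
// Header regex: "%ASA-<severity>-<6-digit message id>:" ; capture both
// parts so the ID filter below no longer depends on the severity value.
Syslog
| where SyslogMessage has "%ASA-"
| extend AsaSeverity  = extract(@"%ASA-(\d)-(\d{6}):", 1, SyslogMessage, typeof(int)),
         AsaMessageId = extract(@"%ASA-(\d)-(\d{6}):", 2, SyslogMessage)
// Filter on the ID only: 4-106100 and 6-106100 are the same event shape.
| where AsaMessageId == "106100"
// Assumed 106100 layout (no idfw_user/sg_info parts):
// access-list <acl> <permitted|denied|est-allowed> <proto>
//   <if>/<src>(<sport>) -> <if>/<dst>(<dport>) hit-cnt <n> ... [hash codes]
| parse SyslogMessage with * "access-list " AclName " " Action " " Protocol " "
      SrcInterface "/" SrcIp "(" SrcPort:int ") -> "
      DstInterface "/" DstIp "(" DstPort:int ") hit-cnt " HitCount:int " " *
| project TimeGenerated, Computer, AsaSeverity, AsaMessageId,
          AclName, Action, Protocol,
          SrcInterface, SrcIp, SrcPort, DstInterface, DstIp, DstPort, HitCount
// Quick check of the claim in the thread: how many 106100 events arrive at
// each severity, i.e. how many the exact-match 6-106100 regex would miss.
| summarize EventCount = count() by AsaSeverity, Action
```

Rows whose message carries the optional user/security-group fields will not satisfy the parse pattern and come through with empty extracted columns; extend the pattern or add a second parse branch for those if your devices emit them.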

Cisco ASA logs should go to CommonSecurityLog table via the CEF connector, they are parsed correctly this way unless the Cisco ASA device has the "logging emblem" setup.

guarismo avatar Jan 20 '22 21:01 guarismo

Hi @ZLT-ops , thank you for flagging this. Apologies for the delayed response. If you still need assistance, please reply here within 5 business days.

v-dvedak avatar Mar 24 '23 07:03 v-dvedak

Since we have not received a response in the last 5 days, we are closing your issue #3789 as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.

v-dvedak avatar Apr 03 '23 03:04 v-dvedak