Cisco Firepower¶
Description¶
Constructor: Cisco
Product: Firepower
Log type: N/A
Log sample¶
1 | access-list Inside_Admin_Interco_access_in permitted udp Inside_Admin_Interco/172.31.223.30(37963) -> Outside/208.67.220.220(53) hit-cnt 1 first hit [0xa6fd6230, 0x00000000] |
1 | User 'admin', running 'CLI' from IP 172.31.223.13, executed 'logging asdm-buffer-size 512' |
Fields normalization¶
Mandatory :
| Normalized fields | Parsed fields |
|---|---|
| [alarm][id] | [alarm_id] |
| [alarm][name] | [data][alarm_name] |
| [init][user][name] | [data][init_user_name] |
| [init][host][ip] | [data][init_host_ip] |
| [init][host][port] | [data][init_host_port] |
| [target][host][ip] | [data][target_host_ip] |
| [target][host][port] | [data][target_host_port] |
| [size] | [data][size] |
| [duration] | [data][duration] |
| [app][proto][name] | [data][protocol] |
| [aim_of_authorization] | [data][aim_of_authorization] |
| [app][return][description] | [data][status] |
| [alarm][description] | [data][action] |