Cisco Firepower

Description

Vendor: Cisco

Product: Firepower

Log type: N/A

Log sample

access-list Inside_Admin_Interco_access_in permitted udp Inside_Admin_Interco/172.31.223.30(37963) -> Outside/208.67.220.220(53) hit-cnt 1 first hit [0xa6fd6230, 0x00000000]
User 'admin', running 'CLI' from IP 172.31.223.13, executed 'logging asdm-buffer-size 512'

Fields normalization

Mandatory:

| Normalized fields | Parsed fields |
|---|---|
| [alarm][id] | [alarm_id] |
| [alarm][name] | [data][alarm_name] |
| [init][user][name] | [data][init_user_name] |
| [init][host][ip] | [data][init_host_ip] |
| [init][host][port] | [data][init_host_port] |
| [target][host][ip] | [data][target_host_ip] |
| [target][host][port] | [data][target_host_port] |
| [size] | [data][size] |
| [duration] | [data][duration] |
| [app][proto][name] | [data][protocol] |
| [aim_of_authorization] | [data][aim_of_authorization] |
| [app][return][description] | [data][status] |
| [alarm][description] | [data][action] |
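
The field mapping above applied to the two sample lines, as an added example (not the parser shipped with the product). The regular expressions and the integer port type are assumptions, and the access-list name and the executed command are left unmapped because the page does not say which normalized field carries them.

```python
import re

# Hypothetical patterns written for the two sample messages on this page;
# the product's own parser may tokenize these lines differently.
ACL_RE = re.compile(
    r"access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) "
    r"[^/\s]+/(?P<src_ip>[\d.]+)\((?P<src_port>\d+)\) -> "
    r"[^/\s]+/(?P<dst_ip>[\d.]+)\((?P<dst_port>\d+)\)"
)
CMD_RE = re.compile(
    r"User '(?P<user>[^']*)', running '[^']*' from IP (?P<ip>[\d.]+), "
    r"executed '(?P<cmd>.*)'$"
)

# The two lines from the "Log sample" section.
SAMPLES = [
    "access-list Inside_Admin_Interco_access_in permitted udp "
    "Inside_Admin_Interco/172.31.223.30(37963) -> Outside/208.67.220.220(53) "
    "hit-cnt 1 first hit [0xa6fd6230, 0x00000000]",
    "User 'admin', running 'CLI' from IP 172.31.223.13, "
    "executed 'logging asdm-buffer-size 512'",
]

def set_path(doc, path, value):
    """Store value at a bracket path such as '[init][host][ip]'."""
    keys = re.findall(r"\[([^\]]+)\]", path)
    for key in keys[:-1]:
        doc = doc.setdefault(key, {})
    doc[keys[-1]] = value

def normalize(line):
    """Return the normalized document for one log line, or None if unmatched."""
    doc = {}
    m = ACL_RE.search(line)
    if m:
        set_path(doc, "[alarm][description]", m["action"])  # from [data][action]
        set_path(doc, "[app][proto][name]", m["proto"])
        set_path(doc, "[init][host][ip]", m["src_ip"])
        # Assumption: ports are stored as integers.
        set_path(doc, "[init][host][port]", int(m["src_port"]))
        set_path(doc, "[target][host][ip]", m["dst_ip"])
        set_path(doc, "[target][host][port]", int(m["dst_port"]))
        return doc
    m = CMD_RE.search(line)
    if m:
        set_path(doc, "[init][user][name]", m["user"])
        set_path(doc, "[init][host][ip]", m["ip"])
        return doc
    return None  # unmatched lines should be routed to a parsing-failure queue
```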