Sync ftd and asa data streams with beats
marc-gr committed Feb 15, 2021
1 parent 1066fc6 commit 18aa439
Showing 27 changed files with 941 additions and 878 deletions.

@@ -51,7 +51,7 @@
"event": {
"severity": 6,
"duration": 0,
"ingested": "2021-01-28T23:44:36.493090800Z",
"ingested": "2021-02-15T11:59:07.863582034Z",
"code": "302016",
"original": "%ASA-6-302016: Teardown UDP connection 110577675 for Outside:10.123.123.123/53723(LOCAL\\Elastic) to Inside:10.233.123.123/53 duration 0:00:00 bytes 148 (zzzzzz)",
"kind": "event",
@@ -114,7 +114,6 @@
"SNL-ASA-VPN-A01"
],
"ip": [
"10.123.123.123",
"10.123.123.123"
]
},
@@ -123,7 +122,7 @@
},
"event": {
"severity": 4,
"ingested": "2021-01-28T23:44:36.493103100Z",
"ingested": "2021-02-15T11:59:07.863590744Z",
"code": "106023",
"original": "%ASA-4-106023: Deny icmp src Inside:10.123.123.123 dst Outside:10.123.123.123 (type 11, code 0) by access-group \"Inside_access_in\" [0x0, 0x0]",
"kind": "event",
@@ -165,7 +164,6 @@
"@timestamp": "2013-04-15T09:36:50.000Z",
"related": {
"ip": [
"10.123.123.123",
"10.123.123.123"
]
},
@@ -184,7 +182,7 @@
},
"event": {
"severity": 4,
"ingested": "2021-01-28T23:44:36.493111100Z",
"ingested": "2021-02-15T11:59:07.863593146Z",
"code": "106023",
"original": "%ASA-4-106023: Deny tcp src dmz:10.123.123.123/6316 dst outside:10.123.123.123/53 type 3, code 0, by access-group \"acl_dmz\" [0xe3afb522, 0x0]",
"kind": "event",
@@ -251,7 +249,6 @@
"SNL-ASA-VPN-A01"
],
"ip": [
"10.123.123.123",
"10.123.123.123"
]
},
@@ -260,7 +257,7 @@
},
"event": {
"severity": 4,
"ingested": "2021-01-28T23:44:36.493118800Z",
"ingested": "2021-02-15T11:59:07.863595230Z",
"code": "106023",
"original": "%ASA-4-106023: Deny udp src Inside:10.123.123.123/57621(LOCAL\\Elastic) dst Outside:10.123.123.123/57621 by access-group \"Inside_access_in\" [0x0, 0x0]",
"kind": "event",
@@ -297,7 +294,6 @@
"SNL-ASA-VPN-A01"
],
"ip": [
"10.123.123.123",
"10.123.123.123"
]
},
@@ -317,7 +313,7 @@
},
"event": {
"severity": 2,
"ingested": "2021-01-28T23:44:36.493126600Z",
"ingested": "2021-02-15T11:59:07.863597248Z",
"code": "106017",
"original": "%ASA-2-106017: Deny IP due to Land Attack from 10.123.123.123 to 10.123.123.123",
"kind": "event",
@@ -370,7 +366,7 @@
},
"event": {
"severity": 3,
"ingested": "2021-01-28T23:44:36.493134400Z",
"ingested": "2021-02-15T11:59:07.863599183Z",
"code": "313008",
"original": "%ASA-3-313008: Denied IPv6-ICMP type=134, code=0 from fe80::1ff:fe23:4567:890a on interface ISP1",
"kind": "event",
@@ -435,7 +431,7 @@
},
"event": {
"severity": 4,
"ingested": "2021-01-28T23:44:36.493142100Z",
"ingested": "2021-02-15T11:59:07.863601097Z",
"code": "313009",
"original": "%ASA-4-313009: Denied invalid ICMP code 9, for Inside:10.255.0.206/8795 (10.255.0.206/8795) to identity:10.12.31.51/0 (10.12.31.51/0), ICMP id 295, ICMP type 8",
"kind": "event",
@@ -504,7 +500,7 @@
},
"event": {
"severity": 6,
"ingested": "2021-01-28T23:44:36.493149900Z",
"ingested": "2021-02-15T11:59:07.863603042Z",
"code": "106100",
"original": "%ASA-6-106100: access-list incoming permitted udp dmz2/127.2.3.4(56575) -\u003e inside/127.3.4.5(53) hit-cnt 1 first hit [0x93d0e533, 0x578ef52f]",
"kind": "event",
@@ -569,7 +565,7 @@
},
"event": {
"severity": 6,
"ingested": "2021-01-28T23:44:36.493157600Z",
"ingested": "2021-02-15T11:59:07.863604914Z",
"code": "106100",
"original": "%ASA-6-106100: access-list incoming permitted udp dmz2/127.2.3.4(56575)(LOCAL\\\\username) -\u003e inside/127.3.4.5(53) hit-cnt 1 first hit [0x93d0e533, 0x578ef52f]",
"kind": "event",
@@ -641,7 +637,7 @@
},
"event": {
"severity": 3,
"ingested": "2021-01-28T23:44:36.493165400Z",
"ingested": "2021-02-15T11:59:07.863606793Z",
"code": "106102",
"original": "%ASA-session-3-106102: access-list dev_inward_client permitted udp for user redacted outside/10.123.123.20(49721) -\u003e inside/10.223.223.40(53) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]",
"kind": "event",
@@ -724,7 +720,7 @@
},
"event": {
"severity": 1,
"ingested": "2021-01-28T23:44:36.493173100Z",
"ingested": "2021-02-15T11:59:07.863608678Z",
"code": "106103",
"original": "%ASA-1-106103: access-list filter denied icmp for user joe inside/10.1.2.3(64321) -\u003e outside/1.2.33.40(8080) hit-cnt 1 first hit [0x3c8b88c1, 0xbee595c3]",
"kind": "event",