Contributor

@taylor-swanson taylor-swanson commented Apr 18, 2024

  • Remapped layer 3 protocols (icmp) to network.type
  • Remapped layer 4 protocols (tcp) to network.transport

Reference for Cisco ASA message types: https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslog-messages-101001-to-199021.html

Proposed commit message

  • Ensure that network protocols are assigned to the correct ECS field based on their layer.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.

How to test this PR locally

cd packages/cisco_asa
elastic-package 

Related issues

  • Relates elastic/sdh-beats#4627

- Ensure that network protocols are assigned to the correct
ECS field based on their layer.
@taylor-swanson taylor-swanson added bug Something isn't working, use only for issues Integration:cisco_asa Cisco ASA Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Apr 18, 2024
@taylor-swanson taylor-swanson self-assigned this Apr 18, 2024
@elasticmachine

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport

@taylor-swanson taylor-swanson marked this pull request as ready for review April 18, 2024 16:25
@taylor-swanson taylor-swanson requested a review from a team as a code owner April 18, 2024 16:25
@elasticmachine

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

Contributor

@pkoutsovasilis pkoutsovasilis left a comment

LGTM

@elasticmachine

💚 Build Succeeded

History

cc @taylor-swanson

@taylor-swanson taylor-swanson merged commit af36780 into elastic:main Apr 18, 2024
@taylor-swanson taylor-swanson deleted the bug/cisco-asa-protocol branch April 18, 2024 19:34
@elasticmachine

Package cisco_asa - 2.33.2 containing this change is available at https://epr.elastic.co/search?package=cisco_asa
