[Cisco ASA] Add event codes 113029-113040 (#2535)

* 2520: Add event codes 113029-113040 * update changelog * update generated data * update generated data * change version * mark as enhancement Co-authored-by: Dan Kortschak <90160302+efd6@users.noreply.github.com>
elastic · Feb 23, 2022 · 85b5ee1 · 85b5ee1
1 parent d3796eb
commit 85b5ee1
Show file tree

Hide file tree

Showing 18 changed files with 19,394 additions and 18,918 deletions.
diff --git a/packages/cisco_asa/_dev/deploy/docker/docker-compose.yml b/packages/cisco_asa/_dev/deploy/docker/docker-compose.yml
@@ -7,7 +7,7 @@ services:
       - ${SERVICE_LOGS_DIR}:/var/log
     command: /bin/sh -c "cp /sample_logs/* /var/log/"
   cisco-asa-udp:
-    image: docker.elastic.co/observability/stream:v0.5.0
+    image: docker.elastic.co/observability/stream:v0.6.2
     volumes:
       - ./sample_logs:/sample_logs:ro
     command: log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9514 -p=udp /sample_logs/cisco-asa.log
diff --git a/packages/cisco_asa/_dev/deploy/docker/sample_logs/cisco-asa.log b/packages/cisco_asa/_dev/deploy/docker/sample_logs/cisco-asa.log
@@ -1 +1,6 @@
 Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-305011: Built dynamic TCP translation from inside:172.31.98.44/1772 to outside:192.168.98.44/8256
+Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-302016: Teardown UDP connection 11758 for outside:192.168.80.32/53 to inside:172.31.98.44/56132 duration 0:00:00 bytes 148
+Oct 20 2019 15:42:54: %ASA-6-106100: access-list incoming permitted udp dmz2/127.2.3.4(56575)(LOCAL\\username) -> inside/127.3.4.5(53) hit-cnt 1 first hit [0x93d0e533, 0x578ef52f]
+Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-6-113039: Group VPN_USERS User example.user IP 67.43.156.14 AnyConnect parent session started.
+Jan  2 2020 11:33:20 localhost : %ASA-4-338204: Dynamic filter dropped greylisted TCP traffic from eth0:10.10.10.1/1234 (source.example.net/11234) to wan:172.24.177.3/80 (www.example.org/80), destination malicious address resolved from dynamic list: example.org, threat-level: high, category: malware
+Oct 10 2018 12:34:56 localhost CiscoASA[999]: %ASA-4-106023: Deny tcp src outside:192.168.19.254/80 dst inside:172.31.98.44/8277 by access-group "inbound" [0x0, 0x0]
diff --git a/packages/cisco_asa/changelog.yml b/packages/cisco_asa/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "2.1.0"
+  changes:
+    - description: Add parsing for event code 113029-113040
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/2535
 - version: "2.0.1"
   changes:
     - description: Clarify configuration option documentation