Graylog GROK extractors for Cisco Firepower

Graylog GROK extractors for Cisco Firepower Intrusion events and Access Control log (simple syslog, not estreamer)

firepower-access_control-extractor.json - Access Control log

firepower-intrusion-extractor.json - Intrusion events log

firepower-extractor.json - both Intrusion events and Access Control logs

Installation

Go to System => Inputs
Choose your Input and select Manage extractors
Actions => Import extractors
Paste a body of the extractor into a form.

Note

It is important that all your sensors and sources send in source addresses in the field with the same name. The standard src_addr naming scheme is used in this example. If source addresses are being sent with differing names, analysis will become quite painful. Please edit this extractor to change field names if needed.

Name		Name	Last commit message	Last commit date
Latest commit History 28 Commits
LICENSE		LICENSE
README.md		README.md
firepower-access_control-extractor.json		firepower-access_control-extractor.json
firepower-extractor.json		firepower-extractor.json
firepower-intrusion-extractor.json		firepower-intrusion-extractor.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

LICENSE

LICENSE

README.md

README.md

firepower-access_control-extractor.json

firepower-access_control-extractor.json

firepower-extractor.json

firepower-extractor.json

firepower-intrusion-extractor.json

firepower-intrusion-extractor.json

Repository files navigation

Graylog GROK extractors for Cisco Firepower

Installation

Note

About

Releases

Packages

License

mmohylko/graylog-extractor-firepower

Folders and files

Latest commit

History

Repository files navigation

Graylog GROK extractors for Cisco Firepower

Installation

Note

About

Resources

License

Stars

Watchers

Forks