Cisco-IOS decoder for EMWEB-3-LOGIN_FAILED events #14739
Labels
feed/decoders
Decoders related issues
level/task
reporter/operations
team/threatintel
Threat Intelligence team
type/enhancement
New feature or request
Description
Hello team! I recently needed to work on decoding the user on next event from Cisco-IOS:
%EMWEB-3-LOGIN_FAILED: ews_auth.c:1234 Login failed for the user:USERNAME_HERE. Service-Type is not present or it doesn't allow READ/WRITE permission..
So I created next decoder to do so:
The only thing to consider is that I needed to add it right before the last decoder in
/var/ossec/ruleset/decoders/0065-cisco-ios_decoders.xml
for it to work.Service/Product/Module
cisco-ios.
Errors/Improvements
Current results
Expected results
Resources
Log source / integration
cisco-ios via syslog
Log reference
Log examples
%EMWEB-3-LOGIN_FAILED: ews_auth.c:1234 Login failed for the user:USERNAME_HERE. Service-Type is not present or it doesn't allow READ/WRITE permission..
The text was updated successfully, but these errors were encountered: