Web Session ASIM parser for Cisco Firepower
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Parser Information
| Property | Value |
|---|---|
| Parser Name | ASimWebSessionCiscoFirepower |
| Built-in Parser | _ASim_WebSession_CiscoFirepower |
| Schema | WebSession |
| Schema Version | 0.2.6 |
| Parser Type | 🔌 Source (product-specific) |
| Product | Cisco Firepower |
| Parser Version | 0.1.0 (version history) |
| Last Updated | Oct 30 2023 |
| Unifying Parser | ASimWebSession |
| Source File | Parsers\ASimWebSession\Parsers\ASimWebSessionCiscoFirepower.yaml |
Description
This ASIM parser supports normalizing commonly used Cisco Firepower messages collected using the CEF Data Connector to the ASIM WebSession normalized schema.
Source Tables
This parser reads from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
CommonSecurityLog |
DeviceEventClassID in "File:500:1,FileMalware:502:1,FireAMP:125:1"DeviceEventClassID has "File:500:1"DeviceEventClassID has "FileMalware:502:1"DeviceProduct == "Firepower"DeviceVendor == "Cisco" |
✓ | ✓ | ✓ |
Parameters
| Name | Type | Default |
|---|---|---|
disabled |
bool | False |
Associated Connectors
The following connectors provide data for this parser:
Solutions: Common Event Format, VirtualMetric DataStream
References
- ASIM Web Session Schema
- ASIM
- [Cisco Firepower Documentation](https://github.com/CiscoSecurity/fp-05-firepower-cli/tree/master/estreamer https://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/IS-DCRecords.html#88027 https://www.cisco.com/c/en/us/td/docs/security/firepower/620/api/eStreamer/EventStreamerIntegrationGuide/IS-DCRecords.html#84248)
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊