ASIM Web Session ASIM parser for Cisco Firepower

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to ASIM Index

Parser Information

Property Value
Parser Name ASimWebSessionCiscoFirepower
Built-in Parser _ASim_WebSession_CiscoFirepower
Schema WebSession
Schema Version 0.2.6
Parser Type 🔌 Source (product-specific)
Product Cisco Firepower
Parser Version 0.1.0 (version history)
Last Updated Oct 30 2023
Unifying Parser ASimWebSession
Source File Parsers\ASimWebSession\Parsers\ASimWebSessionCiscoFirepower.yaml

Description

This ASIM parser supports normalizing commonly used Cisco Firepower messages collected using the CEF Data Connector to the ASIM WebSession normalized schema.

Source Tables

This parser reads from the following tables:

Table Selection Criteria Transformations Ingestion API Lake-Only
CommonSecurityLog DeviceEventClassID in "File:500:1,FileMalware:502:1,FireAMP:125:1"
DeviceEventClassID has "File:500:1"
DeviceEventClassID has "FileMalware:502:1"
DeviceProduct == "Firepower"
DeviceVendor == "Cisco"		 ?

Parameters

Name Type Default
disabled bool False

Associated Connectors

The following connectors provide data for this parser:

Connector Solution
CefAma Common Event Format
CloudNSSAuditLogs_ccp Zscaler Internet Access
CloudNSSCASBActivityLogs_ccp Zscaler Internet Access
CloudNSSCASBCRMLogs_ccp Zscaler Internet Access
CloudNSSCASBCloudStorageLogs_ccp Zscaler Internet Access
CloudNSSCASBCollabLogs_ccp Zscaler Internet Access
CloudNSSCASBEmailLogs_ccp Zscaler Internet Access
CloudNSSCASBFileSharingLogs_ccp Zscaler Internet Access
CloudNSSCASBITSMLogs_ccp Zscaler Internet Access
CloudNSSCASBRepoLogs_ccp Zscaler Internet Access
CloudNSSDNSLogs_ccp Zscaler Internet Access
CloudNSSEmailDLPLogs_ccp Zscaler Internet Access
CloudNSSEndpointDLPLogs_ccp Zscaler Internet Access
CloudNSSFWLogs_ccp Zscaler Internet Access
CloudNSSTunnelLogs_ccp Zscaler Internet Access
CloudNSSWebLogs_ccp Zscaler Internet Access
VirtualMetricDirectorProxy VirtualMetric DataStream
VirtualMetricMSSentinelConnector VirtualMetric DataStream
VirtualMetricMSSentinelDataLakeConnector VirtualMetric DataStream

Solutions: Common Event Format, VirtualMetric DataStream, Zscaler Internet Access

References

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊

Back to ASIM Index