Cisco_Umbrella_ravpnlogs_CL



Attribute Value
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Ingestion API Supported ✓ Yes

Contents

Schema (34 columns)

Source: KQL validation test schema

Column Name Type
Any_Connect_Version_s string
asa_syslog_class_s string
asa_syslog_description_s string
ASA_Syslog_ID_s string
asa_syslog_severity_s string
Assigned_IP_s string
Assigned_IPv6_s string
AWS_Region_s string
Connected_At_t datetime
DAP_Connection_Type_s string
DAP_Record_Name_s string
Device_ID_s string
Disconnection_Reason_s string
Event_Type_s string
Failed_Reasons_s string
Host_Name_s string
log_message_s string
Machine_ID_s string
MSP_Organization_ID_s string
Organization_ID_s string
Origin_IDs_s string
Origin_Type_s string
OS_Version_s string
Public_IP_s string
Public_IPv6_s string
Retention_Days_d real
Security_Group_Tag_s string
Session_ID_s string
Session_Type_s string
Storage_Location_s string
TimeGenerated datetime
Timestamp_t datetime
User_ID_s string
VPN_Profile_s string

Solutions (1)

This table is used by the following solutions:

Connectors (2)

This table is ingested by the following connectors:

Connector Selection Criteria
Cisco Cloud Security
Cisco Cloud Security (using elastic premium plan)

Content Items Using This Table (31)

Analytic Rules (20)

GitHub Only:

Analytic Rule Selection Criteria
Cisco Cloud Security - Connection to Unpopular Website Detected
Cisco Cloud Security - Connection to non-corporate private network
Cisco Cloud Security - Crypto Miner User-Agent Detected
Cisco Cloud Security - Empty User Agent Detected
Cisco Cloud Security - Hack Tool User-Agent Detected
Cisco Cloud Security - Rare User Agent Detected
Cisco Cloud Security - Request Allowed to harmful/malicious URI category
Cisco Cloud Security - Request to blocklisted file type
Cisco Cloud Security - URI contains IP address
Cisco Cloud Security - Windows PowerShell User-Agent Detected
Cisco Umbrella - Connection to Unpopular Website Detected
Cisco Umbrella - Connection to non-corporate private network
Cisco Umbrella - Crypto Miner User-Agent Detected
Cisco Umbrella - Empty User Agent Detected
Cisco Umbrella - Hack Tool User-Agent Detected
Cisco Umbrella - Rare User Agent Detected
Cisco Umbrella - Request Allowed to harmful/malicious URI category
Cisco Umbrella - Request to blocklisted file type
Cisco Umbrella - URI contains IP address
Cisco Umbrella - Windows PowerShell User-Agent Detected

Hunting Queries (10)

In solution CiscoUmbrella:

Hunting Query Selection Criteria
Cisco Cloud Security - 'Blocked' User-Agents.
Cisco Cloud Security - Anomalous FQDNs for domain
Cisco Cloud Security - DNS Errors.
Cisco Cloud Security - DNS requests to unreliable categories.
Cisco Cloud Security - High values of Uploaded Data
Cisco Cloud Security - Higher values of count of the Same BytesIn size
Cisco Cloud Security - Possible connection to C2.
Cisco Cloud Security - Possible data exfiltration
Cisco Cloud Security - Proxy 'Allowed' to unreliable categories.
Cisco Cloud Security - Requests to uncategorized resources

Workbooks (1)

In solution CiscoUmbrella:

Workbook Selection Criteria
CiscoUmbrella

Parsers Using This Table (1)

Other Parsers (1)

Parser Solution Selection Criteria
Cisco_Umbrella CiscoUmbrella
