Azure / Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.
https://azure.microsoft.com/en-us/services/azure-sentinel/
MIT License

Cisco ASA/FTD Parser for Syslog (Cisco ASA via Legacy Agent) #10662

Closed RajakiRani closed 2 months ago

RajakiRani commented 3 months ago

Is your feature request related to a problem? Please describe. We have onboarded Cisco ASA logs into Sentinel using the data connector "Cisco ASA via Legacy Agent", but currently haven't found any parsers that will parse all the Cisco ASA/FTD logs; none of the logs were getting parsed.

Describe the solution you'd like Is there any query which will parse all the fields, or do we need to onboard it through a different method to get all logs parsed? Any other solution is appreciated.

Describe alternatives you've considered Tried multiple ways to build a KQL query to parse the individual fields but couldn't combine them into a single KQL query to see all the possible fields and got stuck. Also tried to build a different function, but unfortunately even that didn't work.

Additional context For building analytical rules and workbooks I was using the following KQL operators: `| extend SourceIP = extract("REGEX", 0, Message)`, but while reviewing ASA logs I found that a single regex won't be useful here; according to the logs I have to write this many but can't combine them.

v-rusraut commented 3 months ago

Hi @RajakiRani, Thanks for flagging this issue, we will investigate this issue and get back to you with some updates by 21-06-2024. Thanks!

v-rusraut commented 3 months ago

Hi @RajakiRani, We require logs to investigate this issue further; please share the logs with us at the mail id v-rusraut@microsoft.com. Thanks

v-rusraut commented 3 months ago

Hi @RajakiRani, We are waiting for a response from you. Thanks

v-sudkharat commented 3 months ago

Hi @RajakiRani, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 05-07-2024, we will be closing this issue.
Thanks!

RajakiRani commented 3 months ago

%FTD-6-305011: Built dynamic TCP translation from INSIDE:10.30.30.30/39893 to OUTSIDE:8.8.8.8/53
%FTD-6-305012: Teardown dynamic UDP translation from INSIDE:10.30.30.30/50752 to OUTSIDE:17.17.17.17/50752 duration 0:00:00
%FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow 10.30.30.30/7386 to 192.168.100.100/474787
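One way to parse the three message types above into a common schema with a single KQL query, written here as an added example and not code from the thread or from the Azure-Sentinel repo; it assumes the raw text lands in the Syslog table's SyslogMessage column and uses a constructed datatable in place of that table.

```kql
// Constructed sample rows standing in for the Syslog table (assumption: raw text is in SyslogMessage)
let SampleSyslog = datatable(TimeGenerated:datetime, SyslogMessage:string) [
    datetime(2024-06-20 10:00:00), "%FTD-6-305011: Built dynamic TCP translation from INSIDE:10.30.30.30/39893 to OUTSIDE:8.8.8.8/53",
    datetime(2024-06-20 10:00:01), "%FTD-6-305012: Teardown dynamic UDP translation from INSIDE:10.30.30.30/50752 to OUTSIDE:17.17.17.17/50752 duration 0:00:00",
    datetime(2024-06-20 10:00:02), "%FTD-6-852002: Received Full Proxy to Lightweight event from application Snort for TCP flow 10.30.30.30/7386 to 192.168.100.100/474787"
];
SampleSyslog
// Header shared by every ASA/FTD message: %<device>-<severity>-<message id>:
| parse SyslogMessage with * "%" Device "-" Severity:int "-" MessageId ":" *
// 305011/305012: NAT translation built or torn down (interface:ip/port on both sides)
| parse SyslogMessage with * ": " Action " " NatType " " Proto1 " translation from " SrcIf ":" SrcIp1 "/" SrcPort1:int " to " DstIf ":" DstIp1 "/" DstPort1:int *
// 852002: Snort flow event, which only carries protocol and the ip/port pairs
| parse SyslogMessage with * " for " Proto2 " flow " SrcIp2 "/" SrcPort2:int " to " DstIp2 "/" DstPort2:int *
// Each parse leaves its columns empty on rows it did not match, so coalesce merges them into one field set
| extend Protocol = coalesce(Proto1, Proto2),
         SrcIp = coalesce(SrcIp1, SrcIp2), SrcPort = coalesce(SrcPort1, SrcPort2),
         DstIp = coalesce(DstIp1, DstIp2), DstPort = coalesce(DstPort1, DstPort2)
| project TimeGenerated, Device, Severity, MessageId, Action, NatType, Protocol, SrcIf, SrcIp, SrcPort, DstIf, DstIp, DstPort
```

Each message id gets its own parse clause, so other ASA/FTD messages pass through with only the header fields populated; adding a `where MessageId in (...)` before the parses keeps the query cheap on a large Syslog table.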

v-sudkharat commented 2 months ago

@RajakiRani, It's possible to share logs in CSV format with us at the mail id below so we can repro the same from our end. Thanks! v-rusraut@microsoft.com

v-sudkharat commented 2 months ago

@RajakiRani, Waiting for your response; please share the logs so we can repro this issue from our end. Thanks!

v-sudkharat commented 2 months ago

Hi @RajakiRani, Gentle Reminder: We are waiting for your response on this issue. If you still need to keep this issue active, please respond to it in the next 2 days. If we don't receive a response by 17-07-2024, we will be closing this issue. Thanks!

v-sudkharat commented 2 months ago

Hi @RajakiRani, since we have not received a response in the last 5 days, we are closing your issue as per our standard operating procedures. If you still need support for this issue, feel free to re-open at any time. Thank you for your co-operation.