search

criblpacks / cribl-cisco-asa-cleanup

Drop, Extract, Suppress based on certain ASA codes in lookup tables
Apache License 2.0
0 stars 2 forks source link

Syntax errors in asa_parsing.csv #3

Open adamagnew opened 1 month ago

adamagnew commented 1 month ago

There appears to be syntax errors on these lines in asa_parsing.csv, due to missing '>' and '<' characters

-    Regex          106021: Deny (?<transport\w+) reverse path check from (?<src_ip>[0-9.]+) to (?<dest_ip>[0-9.]+) on interface (?<interface>.*)
+    Regex          106021: Deny (?<transport>\w+) reverse path check from (?<src_ip>[0-9.]+) to (?<dest_ip>[0-9.]+) on interface (?<interface>.*)

-    Regex          106022: Deny (?<transport\w+) connection spoof from (?<src_ip>[0-9.]+) to (?<dest_ip>[0-9.]+) on interface (?<interface>.*)
+    Regex          106022: Deny (?<transport>\w+) connection spoof from (?<src_ip>[0-9.]+) to (?<dest_ip>[0-9.]+) on interface (?<interface>.*)

-    Regex          "313004: (?<action>\w+) (?<transport>\w+) type=(?<icmp_type>\d+)  from (?<src_ip>[0-9.]+) on interface (?<src_interface>\S+) to (?dest_ip>[0-9.]+)"
+    Regex          "313004: (?<action>\w+) (?<transport>\w+) type=(?<icmp_type>\d+)  from (?<src_ip>[0-9.]+) on interface (?<src_interface>\S+) to (?<dest_ip>[0-9.]+)"
camrunr commented 1 month ago

Thank you! Good catch!

camrunr commented 1 month ago

Fixed! Submitted to packs.cribl.io, waiting for approval for publish