elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats

Support Cisco FMC fileset #34010

Open tipy486 opened 1 year ago

tipy486 commented 1 year ago

Describe the enhancement: Cisco firewalls are managed by the Cisco Firepower Management Center (FMC). Security events such as intrusion events and security intelligence events are logged from the FMC itself instead of the FTD device, which is already supported in the Cisco Filebeat module. The logs from the FMC do not fit the current module, and the entire log ends up in "log.original", which is not indexed or searchable.

Describe a specific use case for the enhancement or feature: Being able to index, search, and use Elastic in a more comprehensive way in the SOC. Make visualizations and dashboards to better support the IRT team when investigating incidents.
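To make the failure mode in this request concrete, here is an added example (not code from the issue or from the Beats project) of what a fileset for these events would have to do: extract ECS-style fields from an FMC intrusion-event line, and, for any line the pattern does not recognise, fall through so that only the raw text survives in `log.original`, exactly the unindexed outcome described above. The sample lines are constructed; the field layout (the "SFIMS" syslog style), the `cisco.fmc` dataset name and the `cisco.fmc.*` field names are assumptions, not the project's definitions.

```python
import json
import re

# Constructed sample lines, not taken from the issue (the page provides no FMC sample).
# Assumption: the layout mirrors the FMC "SFIMS" intrusion-event syslog style.
SAMPLE_LINES = [
    '<134>Oct 12 14:03:11 fmc01 SFIMS: [1:2012345:6] "EXAMPLE Suspicious Admin Login" '
    '[Impact: Potentially Vulnerable] From "fw-edge-1" at Thu Oct 12 14:03:10 2023 UTC '
    '[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} '
    '192.0.2.10:51234->198.51.100.20:443',
    # A message shape the pattern does not know: it must fall through untouched.
    '<134>Oct 12 14:03:12 fmc01 SFIMS: Correlation event: policy "Example" violated',
]

# One pattern for the intrusion-event shape above (hypothetical; a real fileset
# would carry one pattern per FMC event type).
INTRUSION_RE = re.compile(
    r'SFIMS: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "(?P<rule_name>[^"]+)" '
    r'\[Impact: (?P<impact>[^\]]+)\] From "(?P<device>[^"]+)" at (?P<event_time>[^\[]+?) '
    r'\[Classification: (?P<classification>[^\]]+)\] \[Priority: (?P<priority>\d+)\] '
    r'\{(?P<proto>[A-Z]+)\} '
    r'(?P<src_ip>[\d.]+):(?P<src_port>\d+)->(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)'
)


def parse_fmc_line(line: str) -> dict:
    """Return a flat ECS-like document for one syslog line.

    Lines that match no known pattern keep only the raw text in log.original
    (the field named in the issue; current ECS calls it event.original) plus an
    error.message, so the gap is visible instead of silent.
    """
    doc = {
        "event.module": "cisco",
        "event.dataset": "cisco.fmc",  # hypothetical dataset name for the requested fileset
        "log.original": line,
    }
    m = INTRUSION_RE.search(line)
    if m is None:
        doc["error.message"] = "no FMC intrusion-event pattern matched"
        return doc
    g = m.groupdict()
    doc.update({
        "event.kind": "alert",
        "event.category": ["intrusion_detection"],
        "event.severity": int(g["priority"]),
        "rule.id": f'{g["gid"]}:{g["sid"]}:{g["rev"]}',
        "rule.name": g["rule_name"],
        "rule.category": g["classification"],
        "observer.name": g["device"],          # the sensor the FMC reports the event from
        "network.transport": g["proto"].lower(),
        "source.ip": g["src_ip"],
        "source.port": int(g["src_port"]),
        "destination.ip": g["dst_ip"],
        "destination.port": int(g["dst_port"]),
        "cisco.fmc.impact": g["impact"],       # hypothetical vendor-specific field names
        "cisco.fmc.event_time": g["event_time"].strip(),
    })
    return doc


def parse_batch(lines):
    """Parse many lines; return the documents and how many fell through unparsed."""
    docs = [parse_fmc_line(line) for line in lines]
    unparsed = sum(1 for d in docs if "error.message" in d)
    return docs, unparsed


if __name__ == "__main__":
    docs, unparsed = parse_batch(SAMPLE_LINES)
    print(json.dumps(docs, indent=2))
    print(f"{unparsed} of {len(docs)} lines left unparsed")
```

The count returned by `parse_batch` is the number to watch in a SOC: every line it reports is one whose source and destination addresses, rule id and severity are not searchable, which is the situation the issue describes for the whole FMC feed today.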

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

barovski commented 9 months ago

I'm also interested; any progress after a year?

jamiehynds commented 9 months ago

@barovski we don't currently have access to sample data from a Firepower Management Center. If you're willing to provide a broad set of sample data you'd like to cover, we can assess the feasibility of supporting FMC.

barovski commented 8 months ago

@jamiehynds Sample data of an intrusion event is attached: Intrusion_Event.json.zip

elasticmachine commented 7 months ago

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)