elastic / integrations

Elastic Integrations
https://www.elastic.co/integrations

Add To Cisco FTD Integration #5999

Open mr1716 opened 1 year ago

mr1716 commented 1 year ago

Here is a list of most, if not all, of the Cisco FTD message IDs and their applicable formats: https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide.html

The Cisco FTD module is a good start; it would be great if more event IDs were added for dissects and groks.

LaZyDK commented 1 year ago

What is missing for you?

mr1716 commented 1 year ago

@LaZyDK everything not covered in the module!

LaZyDK commented 1 year ago

@mr1716 if you cannot explain exactly what you need and what value it will bring to the rest of the FTD users, then nobody will probably want to spend their time creating it for you.

mr1716 commented 1 year ago

@LaZyDK the value is that there are a crazy number of log types and only a few are handled by the FTD logs. And the way that the FTD logs seem to work is that they are very message-ID specific. It limits the usefulness for its use. Therefore, if one were to implement it, they would probably need to add in extra work for their specific message ID. The need is for more general work so that the module can easily parse messages that aren't included as easily as the ones that are. If the module is extremely message-ID specific, that needs to be noted.
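The distinction the comment above draws (per-message-ID patterns versus a generic path for everything else) can be made concrete with a small dispatcher. What follows is an added example for this thread, not code from the Elastic integration or from any commenter. It assumes the `%FTD-<severity>-<message_id>: <body>` header layout from the Cisco FTD syslog guide linked at the top of the issue, carries two per-ID regexes (106023 and 302013) in the shapes that guide documents for those messages, and falls back to a generic `Key: Value, Key: Value` split for the 43000x-style bodies and to raw text otherwise. The sample lines and the `parse` outcome names (`specific`, `generic_kv`, `raw`) are constructed for the example.

```python
"""Message-ID dispatch for Cisco FTD syslog with a generic fallback.

Added example, not code from the Elastic FTD integration. Header layout and
the two per-ID body formats follow the Cisco FTD syslog guide; the sample
lines below are constructed for this example.
"""
import re
from collections import Counter
from typing import Dict, Iterable, Optional

# Optional syslog PRI, timestamp and host, then %FTD-<severity>-<message_id>: <body>.
HEADER_RE = re.compile(
    r"^(?:<\d+>)?"
    r"(?:(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) )?"
    r"(?:(?P<host>[^%\s]+) )?"
    r"%FTD-(?P<severity>[0-7])-(?P<msg_id>\d{6}): ?(?P<body>.*)$"
)

# Per-ID patterns, one regex per message ID: the style the thread calls
# "message-ID specific". Only two IDs are covered here (assumed shapes).
SPECIFIC: Dict[str, "re.Pattern[str]"] = {
    # 106023: Deny <proto> src <zone>:<ip>/<port> dst <zone>:<ip>/<port> by access-group "<acl>"
    "106023": re.compile(
        r"^Deny (?P<protocol>\w+) src (?P<src_zone>[^:]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
        r"dst (?P<dst_zone>[^:]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))? "
        r"by access-group \"(?P<acl>[^\"]+)\""
    ),
    # 302013: Built <direction> TCP connection <id> for <zone>:<ip>/<port> (...) to <zone>:<ip>/<port> (...)
    "302013": re.compile(
        r"^Built (?P<direction>inbound|outbound) TCP connection (?P<conn_id>\d+) "
        r"for (?P<src_zone>[^:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) \([^)]*\) "
        r"to (?P<dst_zone>[^:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) \([^)]*\)"
    ),
}

# Generic fallback for "Key: Value, Key: Value" bodies (the 43000x event style).
KV_RE = re.compile(r"(?P<key>[A-Za-z][A-Za-z0-9_]*): (?P<value>[^,]*?)(?:, |$)")


def parse_ftd(line: str) -> Optional[dict]:
    """Return a flat event dict, or None if the line is not an FTD syslog line.

    A known message ID whose body does not match its pattern falls through to
    the generic paths instead of being dropped, so a format variant still
    yields a searchable event with the message ID attached.
    """
    m = HEADER_RE.match(line)
    if not m:
        return None
    event = {
        "message_id": m["msg_id"],
        "severity": int(m["severity"]),
        "host": m["host"],
        "timestamp": m["ts"],
    }
    body = m["body"]
    specific = SPECIFIC.get(event["message_id"])
    if specific is not None:
        sm = specific.match(body)
        if sm:
            event.update(sm.groupdict())
            event["parse"] = "specific"
            return event
    kv = dict(KV_RE.findall(body))
    if len(kv) >= 2:
        event.update(kv)
        event["parse"] = "generic_kv"
        return event
    event["message"] = body
    event["parse"] = "raw"
    return event


def coverage(lines: Iterable[str]) -> Dict[str, int]:
    """Count how many lines land on each parse path (useful when auditing a feed)."""
    counts: Counter = Counter()
    for line in lines:
        ev = parse_ftd(line)
        counts[ev["parse"] if ev else "unparsed"] += 1
    return dict(counts)


# Constructed sample lines (not real logs): two known IDs, one key/value event,
# and one message ID the dispatcher has no pattern for.
SAMPLE_LINES = [
    "<166>Jan 10 12:00:01 ftd01 %FTD-6-302013: Built inbound TCP connection 12345 "
    "for outside:203.0.113.7/51234 (203.0.113.7/51234) to inside:10.0.0.5/443 (10.0.0.5/443)",
    "<164>Jan 10 12:00:02 ftd01 %FTD-4-106023: Deny tcp src outside:198.51.100.9/4444 "
    "dst inside:10.0.0.5/22 by access-group \"outside_in\" [0x0, 0x0]",
    "%FTD-6-430003: AccessControlRuleAction: Allow, SrcIP: 10.0.0.5, DstIP: 203.0.113.7, "
    "SrcPort: 51234, DstPort: 443, Protocol: tcp, IngressInterface: inside, EgressInterface: outside",
    "%FTD-6-999999: some message format the module has no pattern for",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_ftd(sample))
    print(coverage(SAMPLE_LINES))
```

The `coverage` counter is the practical check: run it over a day of real FTD output and the `raw` bucket is exactly the set of message IDs that still need a specific pattern, which answers the "what is missing?" question with data rather than "everything".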

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)