utmstack / UTMStack

Customizable SIEM and XDR powered by Real-Time correlation and Threat Intelligence
https://utmstack.com
GNU Affero General Public License v3.0

[BUG] Meraki logs not being filtered #686

Closed RathHunt closed 1 month ago

RathHunt commented 1 month ago

Describe the bug

Cisco Meraki logs are not being caught by the Logstash filter. The logs remain in the generic category despite attempts to filter them.

To Reproduce

Steps to reproduce the behavior:

1. Send Meraki logs to the utmstack agent
2. See that the logs are not being filtered and remain in the generic category

Expected behavior

The expected behavior is that the Cisco Meraki logs would be filtered out from the generic category and categorized appropriately.

Environment

OS: [Please specify]
Browser: [Please specify]
Version: [Please specify]

Additional context

The specific log entry that was tested is:

1377449842.514782056 MX84 ids-alerts signature=129:4:1 priority=1 timestamp=1377449842.512569 direction=ingress protocol=tcp/ip src=74.125.140.132:80

c3s4rfred commented 1 month ago

The log wasn't sent in the correct format; also, the integration wasn't active.
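
A way to check a line's shape before concluding that a filter is at fault, as an added example (not UTMStack's filter and not code from this thread). The layout it accepts (epoch timestamp, device name, event type, then key=value pairs) is assumed from the single sample line in the report, and `parse_meraki_line` and the other names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Layout assumed from the one sample line in the issue:
#   <epoch.fraction> <device> <event_type> key=value key=value ...
LINE_RE = re.compile(
    r"^(?P<epoch>\d{10}\.\d+)\s+(?P<device>\S+)\s+"
    r"(?P<event_type>[A-Za-z_-]+)\s+(?P<rest>\S.*)$"
)
PAIR_RE = re.compile(r"(\w+)=(\S+)")


def parse_meraki_line(line):
    """Return a dict of fields, or None if the line lacks the assumed layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = dict(PAIR_RE.findall(m.group("rest")))
    if not fields:
        return None
    event = {
        "device": m.group("device"),
        "event_type": m.group("event_type"),
        "received_at": datetime.fromtimestamp(
            float(m.group("epoch")), tz=timezone.utc),
    }
    # Split host:port endpoints so rules can match on address and port separately.
    for side in ("src", "dst"):
        if side in fields:
            host, sep, port = fields[side].rpartition(":")
            if sep and port.isdigit():
                fields[side + "_ip"], fields[side + "_port"] = host, int(port)
    event.update(fields)
    return event


# The sample line from the issue, followed by two constructed variants.
SAMPLE = ("1377449842.514782056 MX84 ids-alerts signature=129:4:1 priority=1 "
          "timestamp=1377449842.512569 direction=ingress protocol=tcp/ip "
          "src=74.125.140.132:80")
WRAPPED = "<134>1 " + SAMPLE                       # constructed: extra prefix
TRUNCATED = "1377449842.514782056 MX84 ids-alerts"  # constructed: no key=value

if __name__ == "__main__":
    for candidate in (SAMPLE, WRAPPED, TRUNCATED):
        print(parse_meraki_line(candidate))
```

A `None` result means the line reaching the parser differs from the sample's layout, which is worth ruling out first when events stay in a generic category.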