Splunk® Supported Add-ons

Splunk Add-on for Cisco ASA


Source and event types for the Splunk Add-on for Cisco ASA

The Splunk Add-on for Cisco ASA provides the following source types:


| Source type | Description | Event type | CIM data models |
|---|---|---|---|
| cisco:asa | Events coming from TCP/UDP/SC4S. See "CIM compatibility of Cisco ASA message IDs" for information about Cisco ASA message IDs. | cisco_authentication, cisco_authentication_privileged | Authentication |
| | | cisco_connection | Network Traffic |
| | | cisco_asa_audit_change, cisco_asa_configuration_change | Change |
| | | cisco_asa_network_sessions, cisco_vpn_start, cisco_vpn, cisco_vpn_end | Network Sessions |
| | | cisco_asa_certificates | Certificates |
| | | cisco_intrusion | Intrusion Detection |
| | | cisco_asa_alert | Alerts |

CIM compatibility of Cisco ASA events

The table below describes the CIM data models mapped to the respective Cisco ASA event types.

| Event type | Message IDs | CIM data model |
|---|---|---|
| [cisco_authentication_privileged] | 113021 | Authentication |
| [cisco_authentication] | 113008, 113005, 113004, 605004, 713198, 716047, 611101, 109031, 713185, 713167, 772004, 113012, 772002, 605005, 716038, 713166, 716039, 772003 | Authentication |
| [cisco_connection] | 109025, 302015, 710005, 106023, 302020, 302013, 302014, 305012, 400013, 313001, 313005, 106012, 338002, 106103, 106006, 710003, 302016, 313009, 500003, 302021, 106014, 110002, 303002, 305013, 106100, 313004, 106021, 419003, 106007, 106001, 419002, 305011, 710002, 106015, 106020, 338301 | Network Traffic |
| [cisco_asa_audit_change] | 505015, 771002, 502112, 505009, 502102, 111010, 502103, 111009, 505004, 502111, 111004, 502101, 111001 | Change |
| [cisco_asa_configuration_change] | 505015, 505007, 505006, 505005, 113003, 502112, 504001, 505008, 505009, 505001, 500002, 502102, 500001, 505003, 505002, 505004, 502111, 504002, 502101 | Change |
| [cisco_asa_network_sessions] | 609001, 725007, 722028, 609002, 716058, 751025, 725003, 716059, 722030, 722029, 722037, 722031 | Network Sessions |
| [cisco_vpn_start] | 716001, 113039, 602303, 722022, 722034, 722033 | Network Sessions |
| [cisco_vpn] | 713228, 722051 | Network Sessions |
| [cisco_vpn_end] | 113019, 602304, 722023, 716002 | Network Sessions |
| [cisco_asa_certificates] | 717022, 717009, 717029, 717027, 717028, 717037 | Certificates |
| [cisco_intrusion] | 400032, 106017, 106016 | Intrusion Detection |
| [cisco_asa_alert] | 405001, 110003 | Alerts |

Last modified on 29 May, 2024