Splunk® Supported Add-ons

Splunk Add-on for Cisco ASA

Release notes for the Splunk Add-on for Cisco ASA

Version 5.2.0 of the Splunk Add-on for Cisco ASA was released on May 30, 2024.

Compatibility

Version 5.2.0 of the Splunk Add-on for Cisco ASA is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 9.2.x, 9.1.x
CIM: 5.3.2
Supported OS for data collection: OS independent
Vendor products: Cisco ASA v9.12, v9.13, v9.16, v9.17, v9.20(2)
Supported Cisco ASA event message_ids: 106001, 106006, 106007, 106012, 106014, 106015, 106016, 106017, 106020, 106021, 106023, 106100, 106103, 109025, 109031, 110002, 110003, 111001, 111004, 111008, 111009, 111010, 113003, 113004, 113005, 113008, 113009, 113011, 113012, 113019, 113021, 113039, 201008, 302010, 302013, 302014, 302015, 302016, 302020, 302021, 303002, 304001, 305009, 305010, 305011, 305012, 305013, 313001, 313004, 313005, 313009, 314001, 338002, 338301, 338302, 400013, 400032, 402119, 405001, 419002, 419003, 500001, 500002, 500003, 500004, 502101, 502102, 502103, 502111, 502112, 504001, 504002, 505001, 505002, 505003, 505004, 505005, 505006, 505007, 505008, 505009, 505010, 505011, 505012, 505013, 505014, 505015, 505016, 506001, 507003, 602101, 602303, 602304, 605004, 605005, 607001, 608001, 609001, 609002, 611101, 702307, 710002, 710003, 710005, 710006, 711004, 713041, 713049, 713075, 713119, 713120, 713121, 713130, 713154, 713160, 713162, 713163, 713166, 713167, 713172, 713184, 713185, 713198, 713199, 713228, 713236, 713903, 713905, 713906, 714002, 714004, 714006, 714011, 715001, 715006, 715007, 715009, 715038, 715046, 715047, 715048, 715049, 715065, 715076, 715077, 715080, 716001, 716002, 716014, 716015, 716016, 716038, 716039, 716047, 716058, 716059, 716603, 717009, 717016, 717022, 717024, 717025, 717027, 717028, 717029, 717030, 717036, 717037, 717056, 720041, 722001, 722003, 722010, 722011, 722012, 722022, 722023, 722028, 722029, 722030, 722031, 722032, 722033, 722034, 722036, 722037, 722041, 722051, 722053, 722055, 725001, 725002, 725003, 725006, 725007, 725008, 725010, 725011, 725012, 725014, 725016, 725017, 733100, 734001, 734003, 737001, 737003, 737006, 737016, 737026, 737034, 737035, 746012, 746013, 746014, 746015, 746016, 751025, 751026, 771002, 772002, 772003, 772004, 805001, 805002, 805003

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.


New or changed features

The Splunk Add-on for Cisco ASA 5.2.0 introduces the following new or changed features.

  • Improved performance of the search-time mapping of the "src" field
  • Support for the latest version of Cisco ASA, v9.20(2)
  • Support for the newest version of CIM, v5.3.2
  • Introduced a built-in dashboard that gives insights into the add-on:
    • Add-on version installed
    • Total number of Cisco ASA events ingested in Splunk
    • Time-series graph of the Cisco ASA events ingested in Splunk
    • Number of events ingested per index and source
    • Top 10 message IDs
    • Trends of events by index
    • CIM supported events

Field Changes

The Splunk Add-on for Cisco ASA 5.2.0 introduces the following field changes.

Sourcetype message_id Fields v1 v2
Added Fields Modified Fields Removed Fields
['cisco:asa'] 609001 Cisco_ASA_vendor_action, laction, dest, Cisco_ASA_action, action, dest_host, zone, vendor_action
['cisco:asa'] 711004 process_name, instruction_pointer, cpu_hog_length
['cisco:asa'] 722022 src Cisco_ASA_action, action added, added started, started
['cisco:asa'] 722037, 722023 src, src_ip Cisco_ASA_action, action dest_ip, dest blocked, blocked ended, ended
['cisco:asa'] 722028 src, src_ip Cisco_ASA_action, action dest_ip, dest blocked, blocked ended, ended
['cisco:asa'] 722029 Cisco_ASA_action, action dest, dest_host blocked, blocked ended, ended
['cisco:asa'] 722036 src, src_ip dest_ip, dest

Fixed issues

Version 5.2.0 of the Splunk Add-on for Cisco ASA fixes the following issues:

Ticket number: Description
ADDON-68819: [cisco-asa] Reference cycle messages provoked by Splunk_TA_cisco-asa and TA-tenable automatic lookups.
ADDON-64809: Splunk Add-on for Cisco ASA customer suggested enhancements.


Known issues

Version 5.2.0 of the Splunk Add-on for Cisco ASA has the following known issues:

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for Cisco ASA third-party software credits.

Last modified on 29 May, 2024