{
  "name": "cisco_asa",
  "title": "Cisco ASA",
  "version": "2.45.1",
  "release": "ga",
  "description": "Collect logs from Cisco ASA with Elastic Agent.",
  "type": "integration",
  "download": "/epr/cisco_asa/cisco_asa-2.45.1.zip",
  "path": "/package/cisco_asa/2.45.1",
  "icons": [
    {
      "src": "/img/cisco.svg",
      "path": "/package/cisco_asa/2.45.1/img/cisco.svg",
      "title": "cisco",
      "size": "216x216",
      "type": "image/svg+xml"
    }
  ],
  "conditions": {
    "kibana": {
      "version": "^8.11.0 || ^9.0.0"
    }
  },
  "owner": {
    "type": "elastic",
    "github": "elastic/integration-experience"
  },
  "categories": [
    "network",
    "security",
    "firewall_security"
  ],
  "signature_path": "/epr/cisco_asa/cisco_asa-2.45.1.zip.sig",
  "format_version": "3.0.3",
  "readme": "/package/cisco_asa/2.45.1/docs/README.md",
  "license": "basic",
  "screenshots": [
    {
      "src": "/img/kibana-cisco-asa.png",
      "path": "/package/cisco_asa/2.45.1/img/kibana-cisco-asa.png",
      "title": "kibana cisco asa",
      "size": "1800x1559",
      "type": "image/png"
    }
  ],
  "assets": [
    "/package/cisco_asa/2.45.1/LICENSE.txt",
    "/package/cisco_asa/2.45.1/changelog.yml",
    "/package/cisco_asa/2.45.1/manifest.yml",
    "/package/cisco_asa/2.45.1/validation.yml",
    "/package/cisco_asa/2.45.1/docs/README.md",
    "/package/cisco_asa/2.45.1/img/cisco.svg",
    "/package/cisco_asa/2.45.1/img/kibana-cisco-asa.png",
    "/package/cisco_asa/2.45.1/kibana/tags.yml",
    "/package/cisco_asa/2.45.1/data_stream/log/manifest.yml",
    "/package/cisco_asa/2.45.1/data_stream/log/sample_event.json",
    "/package/cisco_asa/2.45.1/docs/knowledge_base/service_info.md",
    "/package/cisco_asa/2.45.1/kibana/dashboard/cisco_asa-a555b160-4987-11e9-b8ce-ed898b5ef295.json",
    "/package/cisco_asa/2.45.1/kibana/search/cisco_asa-14fce5e0-498f-11e9-b8ce-ed898b5ef295.json",
    "/package/cisco_asa/2.45.1/kibana/search/cisco_asa-753406e0-4986-11e9-b8ce-ed898b5ef295.json",
    "/package/cisco_asa/2.45.1/kibana/search/cisco_asa-96c6ff60-4986-11e9-b8ce-ed898b5ef295.json",
    "/package/cisco_asa/2.45.1/data_stream/log/fields/agent.yml",
    "/package/cisco_asa/2.45.1/data_stream/log/fields/base-fields.yml",
    "/package/cisco_asa/2.45.1/data_stream/log/fields/ecs.yml",
    "/package/cisco_asa/2.45.1/data_stream/log/fields/fields.yml",
    "/package/cisco_asa/2.45.1/data_stream/log/agent/stream/stream.yml.hbs",
    "/package/cisco_asa/2.45.1/data_stream/log/agent/stream/tcp.yml.hbs",
    "/package/cisco_asa/2.45.1/data_stream/log/agent/stream/udp.yml.hbs",
    "/package/cisco_asa/2.45.1/data_stream/log/elasticsearch/ingest_pipeline/default.yml"
  ],
  "policy_templates": [
    {
      "name": "cisco_asa",
      "title": "Cisco ASA logs",
      "description": "Collect logs from Cisco ASA instances",
      "inputs": [
        {
          "type": "tcp",
          "title": "Collect logs from Cisco ASA via TCP",
          "description": "Collecting logs from Cisco ASA via TCP"
        },
        {
          "type": "udp",
          "title": "Collect logs from Cisco ASA via UDP",
          "description": "Collecting logs from Cisco ASA via UDP"
        },
        {
          "type": "logfile",
          "title": "Collect logs from Cisco ASA via file",
          "description": "Collecting logs from Cisco ASA via file"
        }
      ],
      "multiple": true
    }
  ],
  "data_streams": [
    {
      "type": "logs",
      "dataset": "cisco_asa.log",
      "title": "Cisco ASA logs",
      "release": "ga",
      "ingest_pipeline": "default",
      "streams": [
        {
          "input": "udp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "cisco-asa",
                "forwarded"
              ]
            },
            {
              "name": "udp_host",
              "type": "text",
              "title": "Listen Address",
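              "description": "The bind address on which to listen for UDP datagrams. Set to `0.0.0.0` to bind to all available interfaces; syslog over UDP is unauthenticated and unencrypted, so restrict which hosts can reach the port.",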
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "udp_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The UDP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "keep_message",
              "type": "bool",
              "title": "Preserve searchable message text.",
              "description": "Preserves the log message in a searchable field, `cisco.asa.full_message`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "udp_options",
              "type": "yaml",
              "title": "Custom UDP Options",
              "description": "Specify custom configuration options for the UDP input.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#read_buffer: 100MiB\n#max_message_size: 50KiB\n#timeout: 300s\n"
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Default Time Zone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            },
            {
              "name": "tz_map",
              "type": "yaml",
              "title": "Time Zone Map",
              "description": "Maps time zone abbreviations as they appear in the Cisco ASA log to a proper IANA time zone or offset (for example, Australia/Sydney or +10:00).",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#- tz_short: AEST\n#  tz_long: Australia/Sydney\n"
            }
          ],
          "template_path": "udp.yml.hbs",
          "title": "Cisco ASA logs",
          "description": "Collect Cisco ASA logs",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "tcp",
          "vars": [
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "cisco-asa",
                "forwarded"
              ]
            },
            {
              "name": "tcp_host",
              "type": "text",
              "title": "Listen Address",
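              "description": "The bind address on which to listen for TCP connections. Set to `0.0.0.0` to bind to all available interfaces; when doing so, restrict which hosts can reach the port and consider enabling TLS through the SSL Configuration option.",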
              "multi": false,
              "required": true,
              "show_user": true,
              "default": "localhost"
            },
            {
              "name": "tcp_port",
              "type": "integer",
              "title": "Listen Port",
              "description": "The TCP port number to listen on.",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": 9001
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "keep_message",
              "type": "bool",
              "title": "Preserve searchable message text.",
              "description": "Preserves the log message in a searchable field, `cisco.asa.full_message`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "ssl",
              "type": "yaml",
              "title": "SSL Configuration",
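              "description": "SSL/TLS configuration options for the TCP listener. The default leaves the certificate and key commented out, so TLS is not configured until they are set. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.",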
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#certificate: \"/etc/server/cert.pem\"\n#key: \"/etc/server/key.pem\"\n"
            },
            {
              "name": "tcp_options",
              "type": "yaml",
              "title": "Custom TCP Options",
              "description": "Specify custom configuration options for the TCP input. See [TCP](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-tcp.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#max_connections: 1\n#framing: delimiter\n#line_delimiter: \"\\n\"\n"
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Default Time Zone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            },
            {
              "name": "tz_map",
              "type": "yaml",
              "title": "Time Zone Map",
              "description": "Maps time zone abbreviations as they appear in the Cisco ASA log to a proper IANA time zone or offset (for example, Australia/Sydney or +10:00).",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#- tz_short: AEST\n#  tz_long: Australia/Sydney\n"
            }
          ],
          "template_path": "tcp.yml.hbs",
          "title": "Cisco ASA logs",
          "description": "Collect Cisco ASA logs",
          "enabled": true,
          "ingestion_method": "Network Protocol"
        },
        {
          "input": "logfile",
          "vars": [
            {
              "name": "paths",
              "type": "text",
              "title": "Paths",
              "multi": true,
              "required": true,
              "show_user": true,
              "default": [
                "/var/log/cisco-asa.log"
              ]
            },
            {
              "name": "internal_zones",
              "type": "text",
              "title": "Internal Zones",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "trust"
              ]
            },
            {
              "name": "external_zones",
              "type": "text",
              "title": "External Zones",
              "multi": true,
              "required": false,
              "show_user": false,
              "default": [
                "untrust"
              ]
            },
            {
              "name": "tags",
              "type": "text",
              "title": "Tags",
              "multi": true,
              "required": true,
              "show_user": false,
              "default": [
                "cisco-asa",
                "forwarded"
              ]
            },
            {
              "name": "preserve_original_event",
              "type": "bool",
              "title": "Preserve original event",
              "description": "Preserves a raw copy of the original event, added to the field `event.original`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "keep_message",
              "type": "bool",
              "title": "Preserve searchable message text.",
              "description": "Preserves the log message in a searchable field, `cisco.asa.full_message`",
              "multi": false,
              "required": true,
              "show_user": true,
              "default": false
            },
            {
              "name": "processors",
              "type": "yaml",
              "title": "Processors",
              "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.",
              "multi": false,
              "required": false,
              "show_user": false
            },
            {
              "name": "tz_offset",
              "type": "text",
              "title": "Default Time Zone",
              "description": "IANA time zone or time offset (e.g. `+0200`) to use when interpreting syslog timestamps without a time zone.",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "UTC"
            },
            {
              "name": "tz_map",
              "type": "yaml",
              "title": "Time Zone Map",
              "description": "Maps time zone abbreviations as they appear in the Cisco ASA log to a proper IANA time zone or offset (for example, Australia/Sydney or +10:00).",
              "multi": false,
              "required": false,
              "show_user": false,
              "default": "#- tz_short: AEST\n#  tz_long: Australia/Sydney\n"
            }
          ],
          "template_path": "stream.yml.hbs",
          "title": "Cisco ASA logs",
          "description": "Collect Cisco ASA logs from file",
          "enabled": false,
          "ingestion_method": "File"
        }
      ],
      "package": "cisco_asa",
      "path": "log"
    }
  ]
}
