Cherry-pick #13476 to 7.4: [SIEM] [Filebeat] Fix Cisco FTD/ASA parsing of msg 302021 #13557

adriansr · 2019-09-09T17:25:25Z

Cherry-pick of PR #13476 to 7.4 branch. Original message:

The pattern for ASA message 302021 contained a few errors:

source and destination swapped.
storing ICMP codes as port numbers.
didn't support hostnames in place of IPs.

) The pattern for ASA message 302021 contained a few errors: - source and destination swapped. - storing ICMP codes as port numbers. - didn't support hostnames in place of IPs. Fixes elastic#13259 (cherry picked from commit e0c705c)

) (elastic#13557) The pattern for ASA message 302021 contained a few errors: - source and destination swapped. - storing ICMP codes as port numbers. - didn't support hostnames in place of IPs. Fixes elastic#13259 (cherry picked from commit b5d8842)

adriansr requested a review from a team as a code owner September 9, 2019 17:25

adriansr added backport review labels Sep 9, 2019

andrewkroh approved these changes Sep 9, 2019

View reviewed changes

adriansr merged commit 9e3963a into elastic:7.4 Sep 10, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Cherry-pick #13476 to 7.4: [SIEM] [Filebeat] Fix Cisco FTD/ASA parsing of msg 302021 #13557

Cherry-pick #13476 to 7.4: [SIEM] [Filebeat] Fix Cisco FTD/ASA parsing of msg 302021 #13557

adriansr commented Sep 9, 2019

Cherry-pick #13476 to 7.4: [SIEM] [Filebeat] Fix Cisco FTD/ASA parsing of msg 302021 #13557

Cherry-pick #13476 to 7.4: [SIEM] [Filebeat] Fix Cisco FTD/ASA parsing of msg 302021 #13557

Conversation

adriansr commented Sep 9, 2019