[cisco_asa]: Username captured contains quotes #12576
Labels
bug
Something isn't working, use only for issues
Integration:cisco_asa
Cisco ASA
Team:Security-Deployment and Devices
Deployment and Devices Security team [elastic/sec-deployment-and-devices]
Comments
andrewkroh
added
Integration:cisco_asa
|
Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices) |
taylor-swanson
added
bug
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Integration Name
Cisco ASA [cisco_asa]
Dataset Name
cisco_asa.log
Integration Version
2.41.0
Agent Version
8.17.1
Agent Output Type
elasticsearch
Elasticsearch Version
8.17.1
OS Version and Architecture
Ubuntu 22.04 LTS
Software/API Version
Cisco ASA
Error Message
No errors encountered.
Event Original
<140>Dec 22 2024 21:49:35: %ASA-4-106103: access-list #ACSACL#-IP-HeartBase_ACL-61799a35 denied tcp for user 'dlew2' outside/10.122.1.1(51950) -> inside/201.3.120.29(443) hit-cnt 1 first hit [0xd3e666fa, 0x0]
<140>Dec 22 2024 21:49:35: %ASA-4-106103: access-list VPN-FILTER-ACL denied udp for user 'alewis' outside/10.122.22.150(137) -> outside/10.129.30.255(137) hit-cnt 1 first hit [0x37222895, 0xc5eddc02]
What did you do?
Default configuration
What did you see?
The
related.useranduser.namefields get parsed, but the quotes are also included in the username themselves.What did you expect to see?
The quotes should be left out of the username and not be included.
Anything else?
No response
The text was updated successfully, but these errors were encountered: