Mappings: Firepower Intrusion Events
Input | Value |
---|---|
Vendor | Cisco |
Product | Firepower |
Log Format | JSON |
Event ID Regex Pattern | ^430001$ |
Output | Value |
---|---|
Vendor | Cisco Systems |
Product | Firepower |
Record Type | Network |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | InlineResult | |
device_ip | SrcIP | |
dstDevice_ip | DstIP | |
dstPort | DstPort | |
ipProtocol | Protocol | |
normalizedSeverity | Priority | This is a lookup field. More info to come in the catalog later... |
severity | Priority | |
srcDevice_ip | SrcIP | |
srcPort | SrcPort | |
threat_category | Classification | |
threat_name | Message | |
threat_ruleType | None | The static text intrusion is populated in this schema field. |
user_username | User |