Cisco Firepower

The JSA Cisco Firepower Custom Properties Content Extension adds new custom event properties for Cisco Firepower.

JSA Cisco Firepower Content Extension V1.0.2

The File Directory custom property was given a new ID, to avoid a conflict with the File Directory custom property from the Cisco AMP content extension.

JSA Cisco Firepower Content Extension V1.0.1

The following table shows the new or updated custom properties in JSA Cisco Firepower Content Extension V1.0.1.

Table 1: New or Updated Custom Properties in JSA Cisco Firepower Content Extension V1.0.1

| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Blocked | False | 1 | `blocked=(\d+)` |
| BytesReceived | True | 1 | `bytesReceived=(\d+)` |
| BytesSent | True | 1 | `bytesSent=(\d+)` |
| Detection Engine Type | False | 1 | `detectionEngineType=(.*?)\s*detectionEngine[a-zA-Z\.]*=` |
| Disposition | False | 1 | `disposition=(\d+)` |
| File Direction | False | 1 | `direction=(\d+)` |
| File Directory | True | 1 | `filePath=([^\t]*?)[^\\\/]*\t` |
| File Hash | True | 1 | `fileSHAHash=([^\s]+)` |
| File Path | False | 1 | `filePath=(.*?)\s*malwareEventData[a-zA-Z\.]*=` |
| File Size | False | 1 | `fileSize=(\d+)` |
| Filename | True | 1 | `fileName=(.*?)\s*malwareEventData[a-zA-Z\.]*=` |
| Fingerprint UUID | False | 1 | `fingerprintUUID=([^\s]+)` |
| Login Type | False | 1 | `loginType=(\d+)` |
| Malware Event Type | False | 1 | `malwareEventType=(.*?)\s*malwareEventData[a-zA-Z\.]*=` |
| OS Name | False | 1 | `osName=(.*?)\s*osFingerprint[a-zA-Z\.]*=` |
| OS Vendor | False | 1 | `osVendor=(.*?)\s*osFingerprint[a-zA-Z\.]*=` |
| OS Version | False | 1 | `osVersion=(.*?)\s*osFingerprint[a-zA-Z\.]*=` |
| Packets Received | False | 1 | `packetsReceived=(\d+)` |
| Packets Sent | False | 1 | `packetsSent=(\d+)` |
| Priority | False | 1 | `priorityId=(\d+)` |
| Reported By | False | 1 | `reportedBy=([^\s]+)` |
| Rule Action | False | 1 | `ruleAction=(\d+)` |
| SSL Actual Action | True | 1 | `sslActualAction=(\d+)` |
| Threat Score | False | 1 | `threatScore=(\d+)` |
| User Protocol | False | 1 | `protocolRef=(\d+)` |

JSA Cisco Firepower Content Extension V1.0.0

The following table shows the custom properties in JSA Cisco Firepower Content Extension V1.0.0.

Table 2: Custom Properties in JSA Cisco Firepower Content Extension V1.0.0

| Name | Optimized | Capture Group | Regex |
|---|---|---|---|
| Action | True | 1 | `action=(\d+)` |
| Blocked | False | 1 | `blocked=(\d+)` |
| BytesReceived | False | 1 | `bytesReceived=(\d+)` |
| BytesSent | False | 1 | `bytesSent=(\d+)` |
| Detection Engine Type | False | 1 | `detectionEngineType=(.*?)\s*detectionEngine[a-zA-Z\.]*=` |
| Disposition | False | 1 | `disposition=(\d+)` |
| File Direction | False | 1 | `direction=(\d+)` |
| File Hash | False | 1 | `fileSHAHash=([^\s]+)` |
| File Path | False | 1 | `filePath=(.*?)\s*malwareEventData[a-zA-Z\.]*=` |
| File Size | False | 1 | `fileSize=(\d+)` |
| Filename | False | 1 | `fileName=(.*?)\s*malwareEventData[a-zA-Z\.]*=` |
| Fingerprint UUID | False | 1 | `fingerprintUUID=([^\s]+)` |
| Login Type | False | 1 | `loginType=(\d+)` |
| Malware Event Type | False | 1 | `malwareEventType=(.*?)\s*malwareEventData[a-zA-Z\.]*=` |
| OS Name | False | 1 | `osName=(.*?)\s*osFingerprint[a-zA-Z\.]*=` |
| OS Vendor | False | 1 | `osVendor=(.*?)\s*osFingerprint[a-zA-Z\.]*=` |
| OS Version | False | 1 | `osVersion=(.*?)\s*osFingerprint[a-zA-Z\.]*=` |
| Packets Received | False | 1 | `packetsReceived=(\d+)` |
| Packets Sent | False | 1 | `packetsSent=(\d+)` |
| Priority | False | 1 | `priorityId=(\d+)` |
| Reported By | False | 1 | `reportedBy=([^\s]+)` |
| Threat Score | False | 1 | `threatScore=(\d+)` |
| User Protocol | False | 1 | `protocolRef=(\d+)` |
