Skip to content

[Cisco ISE]: Typo in processors in Passed Authentications pipeline #15708

New issue
New issue
Closed
Bug
#16016
Closed
[Cisco ISE]: Typo in processors in Passed Authentications pipeline#15708
Bug
#16016
Assignees
robester0403
Labels
Integration:cisco_iseCisco ISETeam:Integration-ExperienceSecurity Integrations Integration Experience [elastic/integration-experience]needs:triage
@tammytorbert

Description

@tammytorbert
tammytorbert
opened on Oct 22, 2025

Integration Name

Cisco ISE [cisco_ise]

Dataset Name

cisco_ise.log

Integration Version

1.29.0

Agent Version

9.1

Agent Output Type

elasticsearch

Elasticsearch Version

9.1

OS Version and Architecture

MacOS 15.06

Software/API Version

No response

Error Message

No response

Event Original

No response

What did you do?

Reviewing parser for customer and noticed the issue

What did you see?

In the passed authentications pipeline for cisco_ise, there are two processors that reference cisco_ise.log.endpoind.mac.address, this should be cisco_ise.log.endpoint.mac.address.

`

  • set:
    field: client.mac
    copy_from: cisco_ise.log.endpoint.mac.address
    ignore_failure: true
    ignore_empty_value: true
    • gsub:
      field: cisco_ise.log.endpoind.mac.address
      pattern: '[-:.]'
      replacement: '-'
      ignore_missing: true
    • uppercase:
      field: cisco_ise.log.endpoind.mac.address
      ignore_missing: true
      `

What did you expect to see?

Expect uppercase version of MAC Address.

Anything else?

No response

Metadata

Metadata

Assignees

Labels

Integration:cisco_iseCisco ISETeam:Integration-ExperienceSecurity Integrations Integration Experience [elastic/integration-experience]needs:triage

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions