Skip to content

[cisco_asa] Trim quotes from user.name #12877

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
taylor-swanson merged 2 commits into from
Feb 24, 2025
Merged

[cisco_asa] Trim quotes from user.name #12877

taylor-swanson merged 2 commits into from
Feb 24, 2025

Conversation

@taylor-swanson
Copy link
Contributor

@taylor-swanson taylor-swanson commented Feb 24, 2025

Proposed commit message

  • Add gsub processor to trim extra quotes from beginning and end of user.name field.

Checklist

  • I have reviewed tips for building integrations and this pull request is aligned with them.
  • I have verified that all data streams collect metrics or logs.
  • I have added an entry to my package's changelog.yml file.
  • I have verified that Kibana version constraints are current according to guidelines.
    - [ ] I have verified that any added dashboard complies with Kibana's Dashboard good practices

How to test this PR locally

cd packages/cisco_asa elastic-package test

Related issues
@taylor-swanson
[cisco_asa] Trim quotes from user.name
b6fd61d 
- Add gsub processor to trim extra quotes from beginning and end of user.name field.
@taylor-swanson taylor-swanson added Integration:cisco_asa Cisco ASA bugfix Pull request that fixes a bug issue Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices] labels Feb 24, 2025
@taylor-swanson taylor-swanson self-assigned this Feb 24, 2025
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Feb 24, 2025

🚀 Benchmarks report

To see the full report comment with /test benchmark fullreport
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Feb 24, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube
@elasticmachine
Copy link

elasticmachine commented Feb 24, 2025

💚 Build Succeeded

cc @taylor-swanson
@taylor-swanson taylor-swanson marked this pull request as ready for review February 24, 2025 16:26
@taylor-swanson taylor-swanson requested a review from a team as a code owner February 24, 2025 16:26
@elasticmachine
Copy link

elasticmachine commented Feb 24, 2025

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)
dwhyrock
dwhyrock approved these changes Feb 24, 2025
View reviewed changes
packages/cisco_asa/data_stream/log/_dev/test/pipeline/test-asa-fix.log
Jun 21 2022 11:47:08: %ASA-6-302015: Built inbound UDP connection 7 for outside:81.2.69.142/3424 (81.2.69.142/3424)(LOCAL\alice) to inside:89.160.20.112/9803 (89.160.20.112/9803) (bob)
Jun 21 2022 11:47:09: %ASA-6-302015: Built inbound UDP connection 7 for outside:81.2.69.142/3424 (81.2.69.142/3424)(LOCAL\alice, 123) to inside:89.160.20.112/9803 (89.160.20.112/9803)(LOCAL\dave, 246) (bob)
Apr 27 2020 02:03:03 dev01: %ASA-5-434004: SFR requested device to bypass further packet redirection and process TCP flow from sourceInterfaceName:81.2.69.144/8888 to destinationInterfaceName:192.168.2.2/123123 locally
<140>Feb 02 2025 14:02:35: %ASA-4-106103: access-list TEST_ACL_LIST denied tcp for user 'username' outside/81.2.69.142(51950) -> inside/89.160.20.112(443) hit-cnt 1 first hit [0xd3e666fa, 0x0]
Copy link
Contributor

@dwhyrock dwhyrock Feb 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume these IPs are in the allowed Geo IP list (which I can't seem to remember where that list is)?
Copy link
Contributor Author

@taylor-swanson taylor-swanson Feb 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, they can be found here: https://github.com/elastic/elastic-package/blob/main/internal/fields/_static/allowed_geo_ips.txt
@taylor-swanson taylor-swanson merged commit 54fad12 into elastic:main Feb 24, 2025
6 checks passed
@taylor-swanson taylor-swanson deleted the cisco_asa-quotes branch February 24, 2025 17:07
@elastic-vault-github-plugin-prod
Copy link

elastic-vault-github-plugin-prod bot commented Feb 24, 2025

Package cisco_asa - 2.42.2 containing this change is available at https://epr.elastic.co/package/cisco_asa/2.42.2/
flexitrev pushed a commit that referenced this pull request Mar 20, 2025
@taylor-swanson @flexitrev
[cisco_asa] Trim quotes from user.name (#12877)
c4d4b3f 
- Add gsub processor to trim extra quotes from beginning and end of user.name field.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bugfix Pull request that fixes a bug issue Integration:cisco_asa Cisco ASA Team:Security-Deployment and Devices DEPRECATED Deployment and Devices Security team [elastic/sec-deployment-and-devices]

3 participants

@taylor-swanson @elasticmachine @dwhyrock