Cisco FirePOWER GROK Extractors for Graylog

mrjohnson1024
free!

Published: 04 Nov 14:57

Last Push: 06 Oct 11:37

Comments

jezzadb about 2 years ago

Hi, I managed to create some extractors to get out what I was after. Again, they may be inefficient but I am happy to upload these for people if they would like them.

jezzadb about 2 years ago

Hi, love your work! I have a couple of quick questions. I am trying to have these working with version 2.3; however, it does not seem to be working. I am mainly looking at extracting malware source IP, destination IP and malware threat name; however, the parameters seem to not work. Any tips on how this can be done, or do you have other extractors for this? Regards

mrjohnson1024 about 2 years ago

UPDATED: Added more lines to catch all HTTP/HTTPS traffic from syslog. Seems to be getting 100% of web traffic now, or close to it.

mrjohnson1024 almost 3 years ago

My first attempt at making an extractor for Graylog.

Tested and (mostly) working; probably horribly inefficient, but working well in our small, 1-firewall environment on FirePOWER version 6.1.0-330. From what I gather, different versions can be problematic, since the extractors that were already posted on GitHub weren't working for me and were built on a slightly older 6.x version.

Open to comments, criticism, etc. I'm a network admin, not a developer.
