Cisco FirePOWER GROK Extractors for Graylog
Published: 04 Nov 14:57
Last Push: 06 Oct 11:37
Description

UPDATED: Added more lines to catch all HTTP/HTTPS traffic from syslog. Seems to be getting 100% of web traffic now, or close to it.

My first attempt at making an extractor for Graylog.

Tested and (mostly) working, probably horribly inefficient, but working well in our small, 1-firewall environment on FirePOWER version 6.1.0-330. From what I gather, different versions can be problematic, since the extractors that were already posted on GitHub weren't working for me and were built on a slightly older 6.x version.

Open to comments, criticism, etc. I'm a network admin, not a developer.

Comments (4)

Hi, love your work. I have a couple of quick questions. I am trying to get these working with version 2.3; however, it does not seem to be working. I am mainly looking at extracting malware source IP, destination IP and malware threat name, but the parameters do not seem to work. Any tips on how this can be done, or do you have other extractors for this? Regards

Hi, I managed to create some extractors to get out what I was after. Again, they may be inefficient, but I am happy to upload these for people if they would like them.
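The two problems raised on this page, positional Grok patterns breaking between FirePOWER versions and pulling malware source IP, destination IP and threat name out of the events, can both be illustrated with a short parser. The following is an added example, not the marketplace extractor's own patterns nor Cisco code. It expands a handful of Grok references into Python regular expressions the way Graylog's Grok engine does, runs a positional, extractor-style pattern over a constructed connection event, and then shows an order-independent "Key: Value" parse that also handles a constructed malware event. The two log lines are constructed to resemble FMC 6.x syslog output; the exact field names (in particular "Sending IP"/"Receiving IP" on the malware line) and their order are assumptions, which is precisely why the key-value approach is the safer one across versions.

```python
"""Grok-style field extraction for Cisco FirePOWER syslog (added example)."""
import re

# Subset of the base patterns Graylog ships with its Grok engine. IP is the
# loose form; Graylog's IPV4 pattern is stricter about octet ranges.
GROK_PATTERNS = {
    "IP": r"(?:\d{1,3}\.){3}\d{1,3}",
    "INT": r"[+-]?\d+",
    "WORD": r"\w+",
    "DATA": r".*?",
}

_GROK_REF = re.compile(r"%\{(?P<name>[A-Z0-9_]+)(?::(?P<field>[A-Za-z0-9_]+))?\}")


def grok_to_regex(pattern: str) -> "re.Pattern[str]":
    """Expand %{NAME:field} references into named groups, as a Grok engine does."""
    def repl(m: "re.Match[str]") -> str:
        base = GROK_PATTERNS[m.group("name")]
        field = m.group("field")
        return f"(?P<{field}>{base})" if field else f"(?:{base})"
    return re.compile(_GROK_REF.sub(repl, pattern))


# Positional pattern in the style of a marketplace extractor. It only matches
# while the sensor emits these fields in exactly this order.
CONNECTION_GROK = grok_to_regex(
    r"Initiator IP: %{IP:src_ip}, %{DATA}Responder IP: %{IP:dst_ip}, "
    r"%{DATA}Initiator Port: %{INT:src_port}, Responder Port: %{INT:dst_port}, "
    r"Protocol: %{WORD:protocol}"
)

# Constructed sample events (not captured from a real sensor); the UUID, hosts,
# addresses and the malware field names are made up for the example.
CONNECTION_EVENT = (
    "Oct  6 11:37:00 fp1 SFIMS: [Primary Detection Engine "
    "(a1b2c3d4-0000-4000-8000-000000000001)][Corp-ACP] "
    "Connection Type: Start, User: Unknown, Client: Chrome, Application Protocol: HTTP, "
    "Web App: Example, Access Control Rule Name: Allow-Web, Access Control Rule Action: Allow, "
    "URL Category: Business, URL Reputation: Benign sites, URL: http://www.example.com/index.html, "
    "Initiator IP: 10.0.0.5, Initiator Country: Unknown, Responder IP: 93.184.216.34, "
    "Responder Country: USA, Initiator Port: 52345, Responder Port: 80, Protocol: tcp"
)
MALWARE_EVENT = (
    "Oct  6 11:38:12 fp1 SFIMS: [Primary Detection Engine "
    "(a1b2c3d4-0000-4000-8000-000000000001)] "
    "Event Type: Malware, Disposition: Malware, Threat Name: W32.Eicar-Test-Signature, "
    "File Name: eicar.com, "
    "SHA256: 275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f, "
    "Sending IP: 93.184.216.34, Receiving IP: 10.0.0.5, Sending Port: 80, "
    "Receiving Port: 52345, Application Protocol: HTTP"
)

# Everything after the SFIMS tag and its bracketed engine/policy prefix.
_SFIMS_BODY = re.compile(r"SFIMS:\s*(?:\[[^\]]*\]\s*)*(?P<body>.*)$")

# Same concept under different names per event type (malware names assumed).
FIELD_ALIASES = {
    "src_ip": ("Initiator IP", "Sending IP"),
    "dst_ip": ("Responder IP", "Receiving IP"),
    "src_port": ("Initiator Port", "Sending Port"),
    "dst_port": ("Responder Port", "Receiving Port"),
    "threat_name": ("Threat Name",),
    "url": ("URL",),
    "app_proto": ("Application Protocol",),
}


def extract_grok(line: str):
    """Positional extraction; returns None when the field order does not match."""
    m = CONNECTION_GROK.search(line)
    return m.groupdict() if m else None


def parse_kv(line: str) -> dict:
    """Order-independent parse of ', '-separated 'Key: Value' pairs (assumes values contain no ', ')."""
    m = _SFIMS_BODY.search(line)
    body = m.group("body") if m else line
    fields = {}
    for token in body.split(", "):
        key, sep, value = token.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def extract_kv(line: str) -> dict:
    """Normalise raw keys to stable names; drops empty and 'Unknown' values."""
    raw = parse_kv(line)
    out = {}
    for target, names in FIELD_ALIASES.items():
        for name in names:
            if raw.get(name) not in (None, "", "Unknown"):
                out[target] = raw[name]
                break
    return out


def is_web_event(fields: dict) -> bool:
    """True for HTTP/HTTPS connection events, the traffic the extractor targets."""
    return fields.get("app_proto", "").upper() in {"HTTP", "HTTPS"}


if __name__ == "__main__":
    for line in (CONNECTION_EVENT, MALWARE_EVENT):
        print("grok:", extract_grok(line))
        print("kv:  ", extract_kv(line))
```

Running it shows the positional pattern returning None for the malware event while the key-value path yields the source IP, destination IP and threat name from it. In Graylog the same split can be reproduced by keeping a Grok extractor for the fields whose order is stable and adding a key=value style extractor for the rest, instead of one long pattern that has to be rewritten for each sensor release.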