Open Cybersecurity Schema Framework (OCSF) Firepower ASA log examples?

Bronette
Level 1

I have some Cisco ASA and Firepower logs, and I am attempting to ingest these into the Amazon data lake. To ingest these logs into the Amazon data lake, they must be converted to the Open Cybersecurity Schema Framework (OCSF) format. There is a great blog here on the Cisco and Amazon partnership with more background: https://blogs.cisco.com/security/cisco-joins-amazon-web-services-aws-for-the-launch-of-security-lake

To ingest these into the Amazon data lake, they first must be converted into the OCSF log format, which has definitions defined here: https://schema.ocsf.io/ . The OCSF log is a JSON-based log, and the organization has provided a sample log for an Amazon VPC log: https://github.com/ocsf/examples/blob/main/Network%20Activity/Network%20Activity/AWS/VPC%20Flowlogs/vpcflowlog.json

The problem is I do not have any examples of a Firepower and ASA log converted into the OCSF format. Does anyone have any examples/field mappings/schemas of what a Cisco ASA/Firepower log would look like when converted into OCSF? 


bsaurusrex
Level 1

Hello, 

Did you ever come to any conclusion on this?
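
As an illustration of the conversion asked about above (an added example, not posted by anyone in this thread and not a Cisco or OCSF-published mapping): a Python sketch that turns one ASA `%ASA-6-302013` connection-built syslog line into an OCSF Network Activity style event. The sample line is constructed, and the field choices, the severity table and the source/destination ordering are this example's assumptions to be checked against https://schema.ocsf.io/.

```python
import re
from datetime import datetime, timezone

# Constructed sample line (documentation address ranges), not a captured log.
SAMPLE = ("<166>Mar 01 2024 12:00:00: %ASA-6-302013: Built outbound TCP connection "
          "4711 for outside:203.0.113.10/443 (203.0.113.10/443) "
          "to inside:10.0.0.5/51234 (198.51.100.2/51234)")

LINE_RE = re.compile(
    r"(?P<ts>\w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}).*?"
    r"%ASA-(?P<sev>\d)-302013: Built (?P<dir>inbound|outbound) TCP connection "
    r"(?P<conn>\d+) for (?P<if1>[^:\s]+):(?P<ip1>[^/\s]+)/(?P<port1>\d+) \([^)]*\) "
    r"to (?P<if2>[^:\s]+):(?P<ip2>[^/\s]+)/(?P<port2>\d+)")

# Syslog severity (0-7) -> OCSF severity_id; the table is this example's choice.
SEVERITY = {0: 6, 1: 5, 2: 5, 3: 4, 4: 3, 5: 2, 6: 1, 7: 1}

def endpoint(m, n):
    """Build an endpoint object from the n-th interface:ip/port group."""
    return {"ip": m[f"ip{n}"], "port": int(m[f"port{n}"]), "interface_name": m[f"if{n}"]}

def asa_302013_to_ocsf(line):
    """Map one ASA 302013 (TCP connection built) line to a Network Activity dict."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # other message IDs need their own patterns
    first, second = endpoint(m, 1), endpoint(m, 2)
    outbound = m["dir"] == "outbound"
    # Assumption: on an outbound connection the initiator is the second endpoint.
    src, dst = (second, first) if outbound else (first, second)
    # Assumption: timestamps look like "Mon DD YYYY HH:MM:SS" and are in UTC.
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    class_uid, activity_id = 4001, 1  # Network Activity, Open
    return {
        "category_uid": 4, "class_uid": class_uid, "activity_id": activity_id,
        "type_uid": class_uid * 100 + activity_id,
        "time": int(ts.timestamp() * 1000),  # epoch milliseconds
        "severity_id": SEVERITY[int(m["sev"])],
        # metadata.version (the OCSF schema version targeted) is left to the deployment.
        "metadata": {"product": {"name": "ASA", "vendor_name": "Cisco"}},
        "src_endpoint": src, "dst_endpoint": dst,
        "connection_info": {"protocol_name": "tcp", "direction_id": 2 if outbound else 1},
        "unmapped": {"connection_id": m["conn"]},
        "raw_data": line,
    }

if __name__ == "__main__":
    import json
    print(json.dumps(asa_302013_to_ocsf(SAMPLE), indent=2))
```

Other ASA and Firepower message IDs (teardown, deny, intrusion events) would each need their own pattern and OCSF class or activity choice.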
