
Cisco

Cisco allows you to monitor and identify threats to your organization using Cisco data. Logpoint aggregates and normalizes the Cisco logs so you can analyze the information through dashboards. Cisco dashboards visualize event details for network, user authentication, intrusion prevention systems, email security, VPN, endpoint security, wireless and other Cisco collaboration solutions.

Key Information

  • When configuring the normalization policy, select LP_Cisco PIXASA first and LP_Cisco PIX/ASA second, followed by other normalization packages to prevent normalization issues.
  • Activate the label packages to apply labels and group similar logs together. To learn how to activate the label package, go to Activating Labels Packages.
  • To use CiscoIronPortESGCompiledNormalizer, configure the EmailParser in the device.

Release Details
Version: 5.6.0
Release date: March 31, 2025
Supported On: Logpoint v7.4.0 or later
Documentation: Cisco guide
SHA 256: 6bf2876eaea990a5290b86f635cfbc7ce2aa52c8c23201ac14fb06894df9c4eb

Bug Fixes

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Some Cisco Firepower logs were not normalized by CiscoFirepowerNormalizer. | PLUG-13274, PLUG-13244, PLUG-16186 | 86208, 86076, 77731 |
| The firewall's hostname was not extracted by the Cisco normalizers. | PLUG-16128 | 78476 |

Past Releases

Cisco v5.5.0

Release Date: Oct 21, 2024

Download: Cisco_5.5.0.pak

SHA256: 3b50f25736a745a52cbf29175a1e163948500a1ca20f3cc691d848d0c3198f04

Enhancement

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| For Cisco Identity Services Engine (ISE), the authentication and status fields were not normalized. | PLUG-11999 | 84859 |

Cisco v5.4.0

Release Date: April 26, 2024

Download: Cisco_5.4.0.pak

SHA256: 7ab055ab0d9a2e2430e9b55fa799b2f5b62bffa0b7541833a67d182f232d770d

Enhancement

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Added Syslog Collector based Cisco and CiscoEmail log source templates, simplifying the log source configuration process. To learn more, go to Creating Log Source via a Template. | KB-22622 | - |

Cisco v5.3.0

Release Date: September 01, 2023

Download: Cisco_5.3.0.pak

SHA256: 424920535a5505c925690777643ab6692a63a433e220f3a3f3f1f293efc96243

Enhancements

Renamed the following fields in CiscoISENormalizer, CiscoISENormalizer and CiscoFirepowerNormalizer (Issue ID: KB-21703, KB-21285, KB-21962; Reference ID: 75265, 76857):

| Former Field Name | Updated Field Name |
| --- | --- |
| ISELocalAddress | local_address |
| ISELocalPort | local_port |
| ISEModuleName | module |
| ISEServiceName | service |
| PeerAddress | peer_address |
| PeerName | peer_name |
| ConnectionStatus | status |
| UniqueConnectionIdentifier | unique_connection_id |
| FailureReason | failure_reason |
| AcsInstance | acs_instance |
| SysStatsAcsProcessHealth | acs_process_health |
| OperationMessageText | operation_message |
| user_name | user |
| host | log_host |
| hostname | host |

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Added new labels in CiscoISENormalizer for the event IDs 61025, 61026, 70000, 70001, 70002, 70010 and 70011. | KB-18420 | 69408 |
| The host information from the syslog header of Cisco PIXASA Firewall logs is now normalized as log_host field by CiscoPIXASACompiledNormalizer. | KB-20169, KB-20227 | 72986, 73128 |
| The Subject field containing MIME encoded values is decoded and normalized by CiscoIronPortESGCompiledNormalizer. | KB-21084 | 74979, 74400, 75122 |
| Added new signatures in LP_Cisco IronPort Web App, LP_Cisco Switch, LP_Cisco Switch Generic and LP_Cisco Firepower Management Centre to normalize IronPort Web App, Cisco Switch and Firepower Management Centre logs. | KB-21527, KB-21406, KB-20577, KB-21394 | 75728, 74731, 73738, 75231 |
| Updated CiscoPIXASACompiledNormalizer to normalize the user and domain fields. | KB-20776 | 73863 |
| The file, malware and threat_status fields are now normalized by CiscoIronPortESGCompiledNormalizer. | KB-18990 | 70349, 74283 |
| Added Threat and Detect labels in CiscoIronPortESGCompiledNormalizer for events where threat_status field value is positive. Added new labels for event ID 61025 and removed Health label in CiscoISENormalizer. | KB-21700 | - |

Bug Fix

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Some Cisco PIXASA logs with event ID 302013 were not normalized by CiscoPIXASACompiledNormalizer and LP_Cisco PIXASA. | KB-20418 | 73350 |

Cisco v5.2.0

Release Date: Aug 4, 2022

Download: Cisco_5.2.0.pak

SHA256: 4b1ccdd52bbf179a2b0c5c86c6ced80ed56352c03c093e7255c767e9122a59bf

Enhancements

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Updated the CiscoFirepowerNormalizer to support Cisco Firepower Management Center logs that were previously supported by CiscoFirepower normalization packages. | KB-13076 | - |
| Added new signatures in LP_Cisco Meraki MX Security Appliance to normalize Cisco Meraki logs. Also, renamed the following labels (former → updated): label → VPN; dst → destination_address; request_type → icmp_type. | KB-16778 | - |
| Improved the normalization performance of CiscoFirepowerNormalizer sixfold. | KB-13215 | - |
| Added new signatures in LP_Cisco IronPort Web App to normalize Cisco IronPort Web App logs. Also, updated signatures in CiscoIronPortWebAppCompiledNormalizer to support new Cisco IronPort Web App log format. | KB-16211 | - |
| Updated the signature by adding relevant fields in the LP_Cisco IronPort Web Appliance to normalize Cisco Secure Web Appliance Access new log format. | KB-17087 | 66898 |

Bug Fixes

The following issues are fixed:

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| CiscoPIXASACompiledNormalizer did not properly normalize some Cisco PIX ASA logs. | KB-14337, KB-16352 | 65020 |
| CiscoFirepowerNormalizer did not correctly normalize some Cisco Firepower and Cisco FTD Intrusion logs. | KB-16121, KB-16138, KB-17336, KB-17339 | 67334 |
| CiscoPIXASACompiledNormalizer did not correctly normalize the endpoint_feature field of Cisco ASA logs. | KB-16373 | 65001 |
| CiscoISENormalizer did not correctly normalize Cisco ISE logs. | KB-16530 | 65615 |
| LP_Cisco Wireless Controller did not properly normalize the hardware_address field of WLC logs. | KB-16856 | 66340 |

Cisco v5.1.0

Enhancement

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Added new compiled normalizers CiscoPixASACompiledNormalizer and CiscoESACEFCompiledNormalizer to support the PIXASA and Cisco Email Security Appliance (ESA) logs. | KB-6888, KB-13528, KB-10943, KB-15993 | 30785, 57360, 46742 |
| Added and updated new signatures in LP_Cisco DNA to normalize Cisco DNA Center logs. | KB-15447, KB-15546 | 61469 |
| Added signatures in LP_Cisco Traps and CiscoIronPortWebApp to normalize SNMP Trap logs from Cisco 5520 Wireless LAN Controller and Cisco WSA logs. | KB-15677, KB-15744 | 62459, 63114 |
| Added new signatures in LP_Arista Switch to normalize Arista Switches logs. | KB-15620 | - |
| Added new Cisco alerts. To learn more, go to Cisco Alerts in the Cisco v5.1.0 guide. | KB-12871 | |
| Added new widgets in the Cisco IronPort Email Security dashboard package for larger attachments and other policies. | KB-13578 | |
| Added new labels in the LP_Cisco Catalyst 35XX series, LP_Cisco Nexus 5548, and LP_Cisco Meraki MX Security Appliance normalization packages. | KB-13578 | |
| Firepower events that were supported via LP_Cisco Firepower are now supported by CiscoFirepowerNormalizer. | KB-13076 | |

Bug Fixes

The following issues are fixed:

| Description | Issue ID | Reference ID |
| --- | --- | --- |
| Normalization service issue in CiscoESACEFCompiledNormalizer. | KB-16289 | 64581 |
| Normalization packages did not normalize some Cisco Iron Port, Cisco WSA, and Cisco Meraki logs. | KB-15623, KB-15531, KB-15531, KB-16070 | 62426, 62883, 61037, 64233, 64116, 64730 |
| LP_Cisco ISE did not correctly normalize the FailureReason field of Cisco ISE logs. | KB-16096 | 64026 |

Cisco v5.0.3

Enhancements

  • The signatures for the event IDs 419002 and 737015 have been updated for the normalization package LP_Cisco PIXASA to normalize the sample logs correctly. Additionally, the event IDs 737036, 737017, 737034, 737005, 737016, 737037, 737013, 717055, 750001, and 805002 have been added. 
  • The field source_address has been renamed as lease_address for Cisco PIXASA logs with the event ID 737015.

Bug Fixes

The following issues have been resolved:

  • An issue in the normalization package LP_Cisco PIXASA where the value of the field user was normalized incorrectly. 
  • An issue where some Cisco ASA logs were not normalized. 
  • An issue in the normalization package LP_Cisco IOS/CatOS where the value of the field log_ts was normalized incorrectly. 
  • An issue in the normalization package LP_Cisco Firepower where values of some fields were not properly captured for the Cisco Firepower logs. 

 

Cisco v3.7.0

Release Date: May 14, 2020

Download: Cisco_3.7.0.pak

SHA256: 0804c614f54f57372ecc843e374f914f2ee0013397e189db9e35299ab3480e82

Enhancement

A minor update to the Cisco normalizer for better signature handling.

Support

If you have any queries or require assistance, create a support ticket.

Comments

  • Henrik Olsson
    August 26, 2019 13:35

    Hi,
    It says LogPoint v5.2 and later for Version 3.4.1.
    But when I try to add it to logpoint version 6.5.3 it says, " only supported on 6.6.x".

    Do you have one for version 6.x.x yet?

    Best regards
    Henrik Olsson
