
Feature Request - Device Direction in Cisco ASA Events

I've submitted a feature request w/ ArcSight support to populate the Device Direction field in Cisco ASA events. This field is used in most types of firewalls (Check Point, etc) and very handy in content, but in the majority of Cisco ASA events it isn't populated. The inbound and outbound interfaces, however, are populated, so there is sufficient info present to create a value for device direction too.

If this change would benefit you too, please call support and ask for the feature too and refer to FR #61482 so they can assess its priority. Hopefully we're not the only ones who want it.

Thanks!

-dbw

Absent Member.

Adding us to this as well.
Commodore

Adding us too.
Commander

Yes DBW, absolutely we do.
HAKAN

Glad to hear it! Please call ArcSight support and ask to be added to that feature request. The more people who do it, the faster it will be completed. Thanks!
Absent Member.

All,

Thank you for your posts here and interest in this feature request. If you are looking for the functionality in TTP# 61482, please open a Support incident requesting this feature. ArcSight can track general interest on the boards; however, the most effective way for ArcSight to track interest is through the bug/feature request tracking system. The way we do this is to have a discrete list of customers and associated Support incidents associated with a given TTP.

Opening a Support incident also ensures you will receive a notification through your Support incident once the feature or bug has been included in an ArcSight product release. So for all TTPs you see listed on the boards and would like to have or know when they are addressed, open a Support incident with the TTP number so we can better meet your needs!

Regards,

Paris

Absent Member.

What model ASA are you using and what version software are you running on it?  I've had some problems with VPN parsing on a 5520 running 8.2(1).  I created some flex subconnectors for it.
Commodore

Have you tried the Additional Data mapping for device direction?

Additional Data Names Seen:
Vendor/product [CISCO/ASA]:
    deviceDirection [6 times]
