Release notes for the Splunk Add-on for Cisco ASA¶
Version 6.0.0 of the Splunk Add-on for Cisco ASA was released on July 24, 2025.
Compatibility¶
Version 6.0.0 of the Splunk Add-on for Cisco ASA is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 10.x, 9.4.x, 9.3.x, 9.2.x, 9.1.x |
| CIM | 6.1.0 |
| Supported OS for data collection | OS independent |
| Vendor products | Cisco ASA v9.12, v9.13, v9.16, v9.17, v9.20(2), v9.23 |
| Supported Cisco ASA event message_ids | 106001, 106006, 106007, 106012, 106014, 106015, 106016, 106017, 106020, 106021, 106023, 106100, 106103, 109025, 109031, 110002, 110003, 111001, 111004, 111008, 111009, 111010, 113003, 113004, 113005, 113008, 113009, 113011, 113012, 113015, 113019, 113021, 113039, 201008, 212011, 302010, 302013, 302014, 302015, 302016, 302020, 302021, 302022, 302023, 302024, 302025, 302026, 303002, 304001, 305009, 305010, 305011, 305012, 305013, 313001, 313004, 313005, 313009, 314001, 338002, 338301, 338302, 430001, 430002, 430003, 430004, 430007, 400013, 400032, 402119, 405001, 419002, 419003, 500001, 500002, 500003, 500004, 502101, 502102, 502103, 502111, 502112, 504001, 504002, 505001, 505002, 505003, 505004, 505005, 505006, 505007, 505008, 505009, 505010, 505011, 505012, 505013, 505014, 505015, 505016, 506001, 507003, 602101, 602303, 602304, 605004, 605005, 607001, 608001, 609001, 609002, 611101, 702307, 710002, 710003, 710005, 710006, 711004, 713041, 713049, 713075, 713119, 713120, 713121, 713130, 713154, 713160, 713162, 713163, 713166, 713167, 713172, 713184, 713185, 713198, 713199, 713228, 713236, 713903, 713905, 713906, 714002, 714004, 714006, 714011, 715001, 715006, 715007, 715009, 715038, 715046, 715047, 715048, 715049, 715065, 715076, 715077, 715080, 716001, 716002, 716014, 716015, 716016, 716038, 716039, 716047, 716058, 716059, 716603, 717009, 717016, 717022, 717024, 717025, 717027, 717028, 717029, 717030, 717036, 717037, 717056, 720041, 722001, 722003, 722010, 722011, 722012, 722022, 722023, 722028, 722029, 722030, 722031, 722032, 722033, 722034, 722036, 722037, 722041, 722051, 722053, 722055, 725001, 725002, 725003, 725006, 725007, 725008, 725010, 725011, 725012, 725014, 725016, 725017, 733100, 734001, 734003, 737001, 737003, 737006, 737016, 737026, 737034, 737035, 746012, 746013, 746014, 746015, 746016, 751025, 751026, 771002, 772002, 772003, 772004, 805001, 805002, 805003 |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Breaking changes¶
- Support of new sourcetype
cisco:ftdfor FTD logs.
Note
Support of new sourcetype for FTD logs is not compatible with current version of SC4S. Thus, all the logs ingested via SC4S will be assigned cisco:asa sourcetype.
New or changed features¶
The Splunk Add-on for Cisco ASA 6.0.0 introduces the following new features
- Support for Cisco ASA version 9.23.
- Support for CIM version 6.1.0.
- Fixed truncation issue for user field for message ID 302020 and 302021.
Bug Fixes¶
The Splunk Add-on for Cisco ASA 6.0.0 introduces the following bug fixes
- Fixed extraction of user field for message ID 722051 and 113039.
- Enhanced regex to support all formats of message ID 106100.
- Removed macro restricting dashboard from populating data from all indexes.
- Fixed Top 10 message ID panel to fetch data only from cisco:asa and cisco:ftd sourcetypes.
Field Changes¶
The Splunk Add-on for Cisco ASA 6.0.0 introduces the following field changes.
| Source-type | message_id | Fields added | Fields removed |
|---|---|---|---|
['cisco:asa'] |
110003, 405001, 609001, 609002 | signature | |
['cisco:ftd'] |
110003, 405001, 609001, 609002 | signature |
Fixed issues¶
Version 6.0.0 of the Splunk Add-on for Cisco ASA fixes the following
issues:
Known issues¶
Version 6.0.0 of the Splunk Add-on for Cisco ASA has the following known
issues:
Third-party software attributions¶
Version 6.0.0 of the Splunk Add-on for Cisco ASA does not incorporate any third-party software or libraries.