Release notes for the Splunk Add-on for Cisco ASA
Version 5.2.0 of the Splunk Add-on for Cisco ASA was released on May 30, 2024.
Compatibility
Version 5.2.0 of the Splunk Add-on for Cisco ASA is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 9.2.x, 9.1.x |
CIM | 5.3.2 |
Supported OS for data collection | OS independent |
Vendor products | Cisco ASA v9.12, v9.13, v9.16, v9.17, v9.20(2) |
Supported Cisco ASA event message_ids | 106001, 106006, 106007, 106012, 106014, 106015, 106016, 106017, 106020, 106021, 106023, 106100, 106103, 109025, 109031, 110002, 110003, 111001, 111004, 111008, 111009, 111010, 113003, 113004, 113005, 113008, 113009, 113011, 113012, 113019, 113021, 113039, 201008, 302010, 302013, 302014, 302015, 302016, 302020, 302021, 303002, 304001, 305009, 305010, 305011, 305012, 305013, 313001, 313004, 313005, 313009, 314001, 338002, 338301, 338302, 400013, 400032, 402119, 405001, 419002, 419003, 500001, 500002, 500003, 500004, 502101, 502102, 502103, 502111, 502112, 504001, 504002, 505001, 505002, 505003, 505004, 505005, 505006, 505007, 505008, 505009, 505010, 505011, 505012, 505013, 505014, 505015, 505016, 506001, 507003, 602101, 602303, 602304, 605004, 605005, 607001, 608001, 609001, 609002, 611101, 702307, 710002, 710003, 710005, 710006, 711004, 713041, 713049, 713075, 713119, 713120, 713121, 713130, 713154, 713160, 713162, 713163, 713166, 713167, 713172, 713184, 713185, 713198, 713199, 713228, 713236, 713903, 713905, 713906, 714002, 714004, 714006, 714011, 715001, 715006, 715007, 715009, 715038, 715046, 715047, 715048, 715049, 715065, 715076, 715077, 715080, 716001, 716002, 716014, 716015, 716016, 716038, 716039, 716047, 716058, 716059, 716603, 717009, 717016, 717022, 717024, 717025, 717027, 717028, 717029, 717030, 717036, 717037, 717056, 720041, 722001, 722003, 722010, 722011, 722012, 722022, 722023, 722028, 722029, 722030, 722031, 722032, 722033, 722034, 722036, 722037, 722041, 722051, 722053, 722055, 725001, 725002, 725003, 725006, 725007, 725008, 725010, 725011, 725012, 725014, 725016, 725017, 733100, 734001, 734003, 737001, 737003, 737006, 737016, 737026, 737034, 737035, 746012, 746013, 746014, 746015, 746016, 751025, 751026, 771002, 772002, 772003, 772004, 805001, 805002, 805003 |
Note
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New or changed features
The Splunk Add-on for Cisco ASA 5.2.0 introduces the following new or changed features.
- Improved performance of the search-time mapping of the “src” field
- Support for the latest version of Cisco ASA, v9.20(2)
- Support for the newest version of CIM, v5.3.2
- Introduced a built-in dashboard that provides insights into the add-on:
  - Add-on version installed
  - Total number of Cisco ASA events ingested in Splunk
  - Time-series graph of the Cisco ASA events ingested in Splunk
  - Number of events ingested by index and source
  - Top 10 message IDs
  - Trends of events by index
  - CIM supported events
Field Changes
The Splunk Add-on for Cisco ASA 5.2.0 introduces the following field changes.
Sourcetype | message_id | Added Fields | Modified Fields | Removed Fields | v1 | v2 |
---|---|---|---|---|---|---|
['cisco:asa'] | 609001 | Cisco_ASA_vendor_action, laction, dest, Cisco_ASA_action, action, dest_host, zone, vendor_action | | | | |
['cisco:asa'] | 711004 | process_name, instruction_pointer, cpu_hog_length | | | | |
['cisco:asa'] | 722022 | src | Cisco_ASA_action, action | | added, added | started, started |
['cisco:asa'] | 722037, 722023 | src, src_ip | Cisco_ASA_action, action | dest_ip, dest | blocked, blocked | ended, ended |
['cisco:asa'] | 722028 | src, src_ip | Cisco_ASA_action, action | dest_ip, dest | blocked, blocked | ended, ended |
['cisco:asa'] | 722029 | | Cisco_ASA_action, action | dest, dest_host | blocked, blocked | ended, ended |
['cisco:asa'] | 722036 | src, src_ip | | dest_ip, dest | | |
Fixed issues
Version 5.2.0 of the Splunk Add-on for Cisco ASA fixes the following issues:
Known issues
Version 5.2.0 of the Splunk Add-on for Cisco ASA has the following known issues:
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a PDF file for download: Splunk Add-on for Cisco ASA third-party software credits.