Use public ip for cisco ise vpn failure log
mahirchavda authored Jul 30, 2024
1 parent aba18c5 commit 9ae8caa
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions cyences_app_for_splunk/default/props.conf
Expand Up @@ -225,7 +225,7 @@ EVAL-dest_category = if(subtype="vpn" AND vendor_action IN ("tunnel-up", "phase2
### Cisco VPN ###
#################
[cisco:ise:syslog]
EVAL-dest_category = if(MESSAGE_CODE IN (5400, 5401) AND isnotnull(AD_User_Candidate_Identities), "vpn_auth", dest_category)
EVAL-dest_category = if(MESSAGE_CODE IN (5400, 5401) AND isnull(AD_User_Candidate_Identities), "vpn_auth", dest_category)
EVAL-action = "failure"

[cisco:estreamer:data]
Expand Down Expand Up @@ -827,4 +827,4 @@ EVAL-src = 'properties.client_ip'
EVAL-user = 'properties.database_principal_name'
EVAL-app = 'properties.application_name'
EVAL-signature_id = 'properties.action_id'
EVAL-signature = 'properties.action_name'
EVAL-signature = 'properties.action_name'
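Review bot: In the `[cisco:ise:syslog]` stanza of the first hunk, the `dest_category` test on `AD_User_Candidate_Identities` is flipped between `isnotnull` and `isnull` with no comment saying why, and the commit title mentions a public IP rather than this field, so a later reader cannot tell which events are meant to become `vpn_auth`. Any VPN authentication-failure detection that filters on that category would silently lose or mis-tag events if the null test is the wrong way round, so the intent should be recorded above the EVAL, for example `# tag as vpn_auth only when AD_User_Candidate_Identities is <present|absent>, because <reason>`, and the change checked against sample events of both kinds. Separately, the unchanged `EVAL-action = "failure"` applies to every event in the sourcetype, not only codes 5400 and 5401. If that is not intended, `EVAL-action = if(MESSAGE_CODE IN (5400, 5401), "failure", action)` would scope it to the failure codes.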
