Mappings: Firepower File Malware Events
Input | Value |
---|---|
Vendor | Cisco |
Product | Firepower |
Log Format | JSON |
Event ID Regex Pattern | ^430005$ |
Output | Value |
---|---|
Vendor | Cisco Systems |
Product | Firepower |
Record Type | Network |
Cloud SIEM Schema Field | Original Record Key | Notes |
---|---|---|
action | FileAction | |
device_ip | SrcIP | |
dstDevice_ip | DstIP | |
dstPort | DstPort | |
file_hash_sha256 | FileSHA256 | |
file_size | FileSize | |
ipProtocol | Protocol | |
normalizedSeverity | Priority | This is a lookup field. More info to come in the catalog later... |
severity | Priority | |
srcDevice_ip | SrcIP | |
srcPort | SrcPort | |
threat_name | ThreatName | |
threat_ruleType | None | The static text intrusion is populated in this schema field. |
user_username | User |