When connecting Log Concentrators to ESA I am getting: Failed to connect
to x.x.x.x:50005 org.apache.mina.core.RuntimeIoException: Failed to
create a new instance of
org.apache.mina.transport.socket.nio.NioProcessor:null The Packet
Decoders can connec...
Having issues with a custom dashboard. Have imported the rules and
charts, enabled them and set them to the appropriate broker. Charts and
Rules were tested and permissions were set correctly. Uploaded the
newdashboard.cfg file but get the error: 'Yo...
I have some traffic being triggered on analysis.service = 'http invalid
allow methods', but the 'access-control-allow-methods' are the
following: Access-Control-Allow-Methods: * and nothing with an http
response of Allow: And then I have traffic being...
That gives a lot of information to pivot on if you are in Investigation.
But if we want to create an app rule or ESA rule to trigger on this
traffic, just the analysis.service meta doesn't have any use. Is there
any additional specific meta that is t...
If the functionality of the options_bleed.lua parser has been included
in the HTTP_lua we don't need the options_bleed.parser. But the
options_bleed_apprule triggered on analysis.session='garbled http
options allow string' && service = 80 && action =...
The logs for Dropped: Correlation Event and Not Dropped: Correlation
(custom) get parsed with snort parser (Header 0026 / message
Snort_Alert.log). But the portion of the log that we need pulled (the
Dropped / Not Dropped) is parsed as hfld1. And th...
We are about to go through the same thing. The logs from the Firepower
are getting parsed as unknown, snort or ciscorouter and not getting parsed
correctly. Going to try to utilize the ESI tool to create a custom
parser and map it directly to the IP of...