[ { "@timestamp": "2019-08-14T13:56:30.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 0, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "platformSettingEdit.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:57:19.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=Banner, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 194, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "platformSettingEdit.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:57:26.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/ChangeReconciliation.cgi, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 386, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "ChangeReconciliation.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:57:34.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=IntrusionPolicyPrefs, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 568, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "platformSettingEdit.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:57:43.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /admin/lights_out_mgmt.cgi, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 774, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "lights_out_mgmt.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:02.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Cloud Services, View url filtering settings\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 943, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:02.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Cloud Services, View amp settings\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1072, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:20.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Monitoring > Syslog, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1191, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:41.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1316, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:47.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Interfaces, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1440, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:52.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Device Summary, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1575, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:58:54.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Device Management > NGFW Device Summary, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1721, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:59:10.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1867, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T13:59:15.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 1984, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:00:37.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2128, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:00:37.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2285, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:00:37.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2436, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:12.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Save Policy ftd-policy\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2580, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:12.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Modified: Syslog\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2737, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:13.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Platform Settings Editor, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 2888, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:20.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3032, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:31.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3143, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "ActionQueueScrape.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:31.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Global Configuration Generation\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3267, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "ActionQueueScrape.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:35.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3440, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "ActionQueueScrape.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:36.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@localhost, Task Queue, Successful task completion : Pre-deploy Device Configuration for siem-ftd\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3564, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "ActionQueueScrape.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:55.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3739, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:56.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@localhost, Task Queue, Policy Deployment to siem-ftd - SUCCESS\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 3874, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:01:57.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "csm_processes@Default User IP, Login, Login Success\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4002, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "sfdccsm", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:02:03.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Monitoring > Syslog, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4113, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:02:11.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Monitoring > Audit, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4238, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "index.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:02:19.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4357, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "mojo_server.pl", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:02:31.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, System > Configuration > Configuration > /platinum/platformSettingEdit.cgi?type=AuditLog, Page View\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4492, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "platformSettingEdit.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:02:38.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Local System Configuration, Save Local System Configuration\u0000x0a\u0000x00", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4686, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "platformSettingEdit.cgi", "service.type": "cisco", "syslog.facility": 14, "tags": [ "cisco-ftd", "forwarded" ] }, { "@timestamp": "2019-08-14T14:02:38.000-02:00", "event.dataset": "cisco.ftd", "event.module": "cisco", "event.original": "admin@10.0.255.31, Devices > Platform Settings > Audit Log Settings > Modified: Send Audit Log to Syslog enabled > Disabled", "event.severity": 7, "event.timezone": "-02:00", "fileset.name": "ftd", "host.name": "siem-management", "input.type": "log", "log.level": "debug", "log.offset": 4870, "observer.product": "ftd", "observer.type": "firewall", "observer.vendor": "Cisco", "process.name": "platformSettingEdit.cgi", "service.type": "cisco", "syslog.facility": 14, "syslog.priority": 2, "tags": [ "cisco-ftd", "forwarded" ] } ]