
Commit 41f06b7

[Enhancement] [Cisco ISE] Make enhancement in connector with best practices implementation (elastic#4694)
* Update Aggregation visualizations to Lens, Add an on_failure processor to the convert and date processors
* Update changelog entry
* Changes as per review comments
1 parent 2230596 commit 41f06b7

108 files changed

+8154
-7346
lines changed

packages/cisco_ise/_dev/deploy/docker/docker-compose.yml

Lines changed: 3 additions & 3 deletions
@@ -1,13 +1,13 @@
1-
version: '2.3'
1+
version: "2.3"
22
services:
33
cisco_ise-log-tcp:
4-
image: docker.elastic.co/observability/stream:v0.6.2
4+
image: docker.elastic.co/observability/stream:v0.8.0
55
volumes:
66
- ./sample_logs:/sample_logs:ro
77
entrypoint: /bin/bash
88
command: -c "/stream log --start-signal=SIGHUP --delay=5s --addr elastic-agent:9025 -p=tcp /sample_logs/log.log"
99
cisco_ise-log-udp:
10-
image: docker.elastic.co/observability/stream:v0.6.2
10+
image: docker.elastic.co/observability/stream:v0.8.0
1111
volumes:
1212
- ./sample_logs:/sample_logs:ro
1313
entrypoint: /bin/bash
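
Review bot: The quoting change on line 1 goes from '2.3' to "2.3", which is the opposite direction from the changelog entry in this same commit ("convert double quotes to single quotes"); either the entry or this line should be corrected so the stated convention matches the files. Separately, lines 4 and 10 move both services to docker.elastic.co/observability/stream:v0.8.0 by tag only. Since this image drives the system tests, consider pinning it by digest so a re-pushed tag cannot silently change what the tests replay, and mention the bump in the changelog or commit message, where it is currently absent.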

packages/cisco_ise/_dev/deploy/docker/sample_logs/log.log

Lines changed: 10 additions & 10 deletions
@@ -24,16 +24,16 @@
2424
<181>Mar 3 09:08:33 isehost CISE_Administrative_and_Operational_Audit 0000082499 1 0 2022-03-03 09:08:33.981 +00:00 0000082565 61026 NOTICE EAP-TLS: Shutdown secure connection with TLS peer, ConfigVersionId=1626, AdminInterface=UNKNOWN, AdminIPAddress=10.0.9.204, , OperationMessageText=Connection closed from 10.0.9.204:53127 to 169.254.2.5:5671, AcsInstance=isehost,
2525
<181>Mar 3 09:25:05 isehost CISE_Administrative_and_Operational_Audit 0000082666 1 0 2022-03-03 09:25:05.100 +00:00 0000082733 61077 NOTICE MyDevices: MyDevices has been successfully logged out, ConfigVersionId=1630, UserName=someuser, IpAddress=81.2.69.143, AuthenticationIdentityStore=Internal Users, PortalName=My Devices Portal (default), IdentityGroup=ALL_ACCOUNTS (default), PsnHostName=isehost.local, ResponseTime=35,
2626
<181>Mar 3 08:31:21 isehost CISE_Administrative_and_Operational_Audit 0000082306 1 0 2022-03-03 08:31:21.075 +00:00 0000082373 52001 NOTICE Configuration-Changes: Changed configuration, ConfigVersionId=1621, FailureFlag=false, RequestResponseType=initial, AdminInterface=GUI, AdminIPAddress=10.0.9.204, AdminName=someadmin, ConfigChangeData=Object modified:\, Log Severity Level = DEBUG\,Local Logging = enable\,Assigned Targets = {LogCollector,LogCollector2,ProfilerRadiusProbe}, ObjectType=UPSCategory, ObjectName=AAA Diagnostics, OperationMessageText=LoggingCategories "Passed Authentications" has been edited successfully.,
27-
<181>Mar 10 11:04:19 isehost CISE_Administrative_and_Operational_Audit 0000130002 1 0 2022-03-10 11:04:19.271 +00:00 0000130069 60077 NOTICE MyDevices: MyDevices user authentication has failed, ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90,
28-
<181>Mar 11 07:20:28 isehost CISE_Administrative_and_Operational_Audit 0000093200 1 0 2022-03-11 07:20:28.019 +00:00 0000093246 58005 NOTICE Process-Management: ISE process was restarted by watchdog service, ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost,
29-
<181>Mar 10 05:25:13 isehost CISE_Administrative_and_Operational_Audit 0000128314 1 0 2022-03-10 05:25:13.944 +00:00 0000128381 60094 NOTICE System-Management: ISE Backup has completed successfully, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost,
30-
<181>Mar 10 05:24:16 isehost CISE_Administrative_and_Operational_Audit 0000128311 1 0 2022-03-10 05:24:16.414 +00:00 0000128378 60093 NOTICE System-Management: ISE Backup has started, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost,
31-
<181>Mar 9 19:00:42 isehost CISE_Administrative_and_Operational_Audit 0000083172 1 0 2022-03-09 19:00:42.763 +00:00 0000083218 60134 NOTICE System-Management: DNS Resolution failure, ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost,
32-
<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116964 1 0 2022-03-08 12:26:58.391 +00:00 0000117031 60188 NOTICE Administrator-Login: An attempted SSH connection has failed, ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost,
33-
<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116963 1 0 2022-03-08 12:26:58.390 +00:00 0000117030 60116 NOTICE Administrator-Login: A CLI user has logged out from SSH, ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost,
34-
<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116901 1 0 2022-03-08 12:15:32.654 +00:00 0000116968 60080 NOTICE Administrator-Login: A SSH CLI user has successfully logged in, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost,
35-
<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116902 1 0 2022-03-08 12:15:32.654 +00:00 0000116969 60115 NOTICE Administrator-Login: A CLI user has logged in from SSH, ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost,
36-
<181>Mar 8 12:14:39 isehost CISE_Administrative_and_Operational_Audit 0000116896 1 0 2022-03-08 12:14:39.376 +00:00 0000116963 60081 NOTICE Administrator-Login: A SSH CLI user has attempted unsuccessfully to login, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost,
27+
<181>Mar 10 11:04:19 isehost CISE_Administrative_and_Operational_Audit 0000130002 1 0 2022-03-10 11:04:19.271 +00:00 0000130069 60077 NOTICE MyDevices: MyDevices user authentication has failed, ConfigVersionId=3117, FailureReason=22040 Wrong password or invalid shared secret, UserName=test1123, IpAddress=172.16.17.255, AuthenticationIdentityStore=Internal Users, PortalName=test-mydevices, PsnHostName=isehost.local, ResponseTime=90,
28+
<181>Mar 11 07:20:28 isehost CISE_Administrative_and_Operational_Audit 0000093200 1 0 2022-03-11 07:20:28.019 +00:00 0000093246 58005 NOTICE Process-Management: ISE process was restarted by watchdog service, ConfigVersionId=1703, FailureFlag=true, RequestResponseType=final, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=Process: 'ISE Stunnel Service' started by ISE watchdog process, AcsInstance=isehost,
29+
<181>Mar 10 05:25:13 isehost CISE_Administrative_and_Operational_Audit 0000128314 1 0 2022-03-10 05:25:13.944 +00:00 0000128381 60094 NOTICE System-Management: ISE Backup has completed successfully, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Operational backup test_bkp_op-OPS10-220310-0524.tar.gpg to repository test-new success, AcsInstance=isehost,
30+
<181>Mar 10 05:24:16 isehost CISE_Administrative_and_Operational_Audit 0000128311 1 0 2022-03-10 05:24:16.414 +00:00 0000128378 60093 NOTICE System-Management: ISE Backup has started, ConfigVersionId=3068, AdminInterface=GUI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=Initiating opsbackup backup test_bkp_op-OPS10-220310-0524 to repository test-new, AcsInstance=isehost,
31+
<181>Mar 9 19:00:42 isehost CISE_Administrative_and_Operational_Audit 0000083172 1 0 2022-03-09 19:00:42.763 +00:00 0000083218 60134 NOTICE System-Management: DNS Resolution failure, ConfigVersionId=1537, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=system, OperationMessageText=DNS resolution failed for the hostname isehost.local against the currently configured name servers., AcsInstance=isehost,
32+
<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116964 1 0 2022-03-08 12:26:58.391 +00:00 0000117031 60188 NOTICE Administrator-Login: An attempted SSH connection has failed, ConfigVersionId=2726, AdminInterface=CLI, OperationMessageText=Received disconnect from 81.2.69.143 port 36953:11: disconnected by user, AcsInstance=isehost,
33+
<181>Mar 8 12:26:58 isehost CISE_Administrative_and_Operational_Audit 0000116963 1 0 2022-03-08 12:26:58.390 +00:00 0000117030 60116 NOTICE Administrator-Login: A CLI user has logged out from SSH, ConfigVersionId=2726, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged out from CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost,
34+
<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116901 1 0 2022-03-08 12:15:32.654 +00:00 0000116968 60080 NOTICE Administrator-Login: A SSH CLI user has successfully logged in, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Accepted password for admin from 81.2.69.143 port 36953 ssh2, AcsInstance=isehost,
35+
<181>Mar 8 12:15:32 isehost CISE_Administrative_and_Operational_Audit 0000116902 1 0 2022-03-08 12:15:32.654 +00:00 0000116969 60115 NOTICE Administrator-Login: A CLI user has logged in from SSH, ConfigVersionId=2718, AdminInterface=CLI, AdminIPAddress=81.2.69.143, AdminName=admin, OperationMessageText=User 'admin' logged in to CLI SSH session from SSH client IP: 81.2.69.143, AcsInstance=isehost,
36+
<181>Mar 8 12:14:39 isehost CISE_Administrative_and_Operational_Audit 0000116896 1 0 2022-03-08 12:14:39.376 +00:00 0000116963 60081 NOTICE Administrator-Login: A SSH CLI user has attempted unsuccessfully to login, ConfigVersionId=2718, AdminInterface=CLI, OperationMessageText=Failed password for root from 81.2.69.143 port 36661 ssh2, AcsInstance=isehost,
3737
<183>Mar 3 09:22:59 ise204 CISE_Authentication_Flow_Diagnostics 0000082628 1 0 2022-03-03 09:22:59.360 +00:00 0000082695 22016 DEBUG Workflow: Identity sequence completed iterating the IDStores, ConfigVersionId=1628, UserName=admin, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/112, AuthenticationIdentityStore=All_AD_Join_Points, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=2, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=All_AD_Join_Points, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth19, Response={AuthenticationResult=UnknownUser; },
3838
<183>Mar 3 09:24:13 ise204 CISE_Authentication_Flow_Diagnostics 0000082651 1 0 2022-03-03 09:24:13.238 +00:00 0000082718 22037 DEBUG Workflow: Authentication Passed, ConfigVersionId=1628, UserName=test, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/115, AuthenticationIdentityStore=Internal Users, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth20, Response={AuthenticationResult=Passed; },
3939
<182>Mar 3 09:22:51 ise204 CISE_Authentication_Flow_Diagnostics 0000082605 1 0 2022-03-03 09:22:51.639 +00:00 0000082672 22040 INFO Authentication: Wrong password or invalid shared secret, ConfigVersionId=1628, UserName=employee1, SelectedAccessService=AuthenticateUserAPI, AcsSessionID=ise204/435083133/110, AuthenticationMethod=PAP_ASCII, WorkflowCurrentIDStoreIndex=0, WorkflowSequenceType=AuthenticationSequence, CurrentIDStoreName=Internal Users, WorkflowIfUserNotFound=Reject, WorkflowIfProcessError=Reject, WorkflowIfAuthenticationFailed=Reject, CPMSessionID=ise204:userauth18, Response={AuthenticationResult=Failed; },
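
Review bot: Lines 27 to 36 are removed and re-added with text that is identical as rendered, so the difference is presumably whitespace only (trailing spaces or line endings), matching the "remove unnecessary white spaces" item in the changelog. Because this file is the fixture replayed to the agent over TCP and UDP, please confirm that the normalization is intentional and that the expected test output still matches. If real ISE devices emit the trailing whitespace that was stripped, keep at least one sample line that retains it so the parser stays covered for that input; the failed and successful SSH login events at lines 32 to 36 are the ones most worth keeping representative.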

packages/cisco_ise/changelog.yml

Lines changed: 7 additions & 2 deletions
@@ -1,4 +1,9 @@
11
# newer versions go on top
2+
- version: "1.4.0"
3+
changes:
4+
- description: Update Aggregation visualizations to Lens, Add an on_failure processor to the convert and date processors, remove unnecessary white spaces, and convert double quotes to single quotes.
5+
type: enhancement
6+
link: https://github.com/elastic/integrations/pull/4694
27
- version: "1.3.0"
38
changes:
49
- description: Enhancements, refacturing and bugfixes
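
Review bot: The 1.4.0 description at line 4 packs four unrelated changes into one entry (Lens migration, on_failure handlers on the convert and date processors, whitespace removal, quote conversion) and does not mention the stream image bump or the sample log rewrite that the same commit contains. Splitting it into one entry per change, each with the same link, would make the on_failure change findable on its own, since that is the one that alters ingest behaviour when a field fails to convert or parse. It would also help to state in the entry what happens to the event on failure, which the visible text does not say.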
@@ -31,7 +36,7 @@
3136
link: https://github.com/elastic/integrations/pull/3859
3237
- version: "0.3.0"
3338
changes:
34-
- description: Update package to ECS 8.4.0
39+
- description: Update package to ECS 8.4.0.
3540
type: enhancement
3641
link: https://github.com/elastic/integrations/pull/3842
3742
- version: "0.2.0"
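
Review bot: The trailing period added at line 39 (and again for 0.1.0 at line 49) is applied to only some of the released entries: the 1.3.0 description at line 9 still has no period and keeps the "refacturing" typo. Either normalize every description in one pass, fixing that typo as well, or leave the history of released versions untouched and drop these punctuation-only edits from the commit.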
@@ -41,6 +46,6 @@
4146
link: https://github.com/elastic/integrations/pull/3353
4247
- version: "0.1.0"
4348
changes:
44-
- description: Initial draft of the package
49+
- description: Initial draft of the package.
4550
type: enhancement
4651
link: https://github.com/elastic/integrations/pull/2855
