link for debug logging

patel-bhavin · patel-bhavin · commit 4d7faff28032 · 2025-09-25T16:35:50.000-07:00
diff --git a/data_sources/cisco_asa_logs.yml b/data_sources/cisco_asa_logs.yml
@@ -8,7 +8,7 @@ description: >
   operational and security telemetry (connection events, ACL denies, VPN events,
   NAT translations, and device health). Deploy the Splunk Add-on for Cisco ASA
   (TA-cisco_asa) on indexers/heavy forwarders and the Cisco ASA App on search
-  heads for best parsing, CIM mapping, and dashboards. This data is ingested via SYSLOG. You must be ingesting Cisco ASA syslog data into your Splunk environment. To ensure all detections work, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. TA few analytics are designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs.
+  heads for best parsing, CIM mapping, and dashboards. This data is ingested via SYSLOG. You must be ingesting Cisco ASA syslog data into your Splunk environment. To ensure all detections work, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. A few analytics are designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs. You can find specific instructions on how to set this up here : https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#toc-hId--1451069880. 
 source: cisco:asa
 sourcetype: cisco:asa 
 separator: null
diff --git a/detections/application/cisco_asa___core_syslog_message_volume_drop.yml b/detections/application/cisco_asa___core_syslog_message_volume_drop.yml
@@ -24,7 +24,7 @@ search: |
   | xyseries _time message_id count
   | `cisco_asa___core_syslog_message_volume_drop_filter`
 how_to_implement: |
-  This search requires Cisco ASA syslog data to be ingested into Splunk via the Cisco Security Cloud TA. To ensure this detection works effectively, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. This analytic is designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs. The search produces a time-series suitable for dashboards to visualize drops across message IDs 302013, 302014, 609002, and 710005.
+  This search requires Cisco ASA syslog data to be ingested into Splunk via the Cisco Security Cloud TA. To ensure this detection works effectively, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. This analytic is designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs. You can find specific instructions on how to set this up here : https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#toc-hId--1451069880. The search produces a time-series suitable for dashboards to visualize drops across message IDs 302013, 302014, 609002, and 710005.
 known_false_positives: |
   Planned maintenance, network outages, routing changes, or benign configuration
   updates may reduce log volume temporarily. Validate against change management
diff --git a/detections/application/cisco_asa___logging_disabled_via_cli.yml b/detections/application/cisco_asa___logging_disabled_via_cli.yml
@@ -26,7 +26,7 @@ search: |
   | `security_content_ctime(lastTime)`  
   | `cisco_asa___logging_disabled_via_cli_filter`
 how_to_implement: |
-    This search requires Cisco ASA syslog data to be ingested into Splunk via the Cisco Security Cloud TA. To ensure this detection works effectively, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. This analytic is designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs.
+    This search requires Cisco ASA syslog data to be ingested into Splunk via the Cisco Security Cloud TA. To ensure this detection works effectively, configure your ASA and FTD devices to generate and forward both debug and informational level syslog messages before they are sent to Splunk. This analytic is designed to be used with comprehensive logging enabled, as it relies on the presence of specific message IDs. You can find specific instructions on how to set this up here : https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#toc-hId--1451069880. 
 known_false_positives: |
   Administrators may intentionally disable or modify logging during maintenance,
   troubleshooting, or device reconfiguration. These events should be verified
