updating links

patel-bhavin · patel-bhavin · commit a1d2b7391509 · 2025-09-25T18:23:04.000-07:00
diff --git a/detections/application/cisco_asa___logging_disabled_via_cli.yml b/detections/application/cisco_asa___logging_disabled_via_cli.yml
@@ -32,14 +32,8 @@ known_false_positives: |
   troubleshooting, or device reconfiguration. These events should be verified
   against approved change management activities.
 references:
-- https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/  
-- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks 
-- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB
-- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
-- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW
-- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http-code-exec-WmfP3h3O
-- https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices
-- https://www.ncsc.gov.uk/news/persistent-malicious-targeting-cisco-devices
+- https://www.cisco.com/site/us/en/products/security/firewalls/adaptive-security-appliance-asa-software/index.html
+- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
 drilldown_searches:
 - name: View the detection results for $host$
   search: '%original_detection_search% | search  host = $host$'
@@ -68,9 +62,6 @@ tags:
     - Splunk Enterprise
     - Splunk Enterprise Security
   security_domain: network
-  cve:
-    - CVE-2025-20333
-    - CVE-2025-20362
 tests:
   - name: True Positive Test
     attack_data:
diff --git a/stories/suspicious_cisco_adaptive_security_appliance_activity.yml b/stories/suspicious_cisco_adaptive_security_appliance_activity.yml
@@ -20,10 +20,8 @@ narrative: |
 
   Monitoring activity from Cisco ASA and FTD devices is critical because these appliances serve as key security controls at the network perimeter. Analyzing their telemetry and syslog data helps organizations maintain visibility into device health, policy enforcement, and potential threats. Regular monitoring enables early detection of unusual or unauthorized activity, supports compliance requirements, and strengthens the overall security posture by ensuring that any deviations from expected behavior are promptly investigated.
 references:
-- https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/200184-Configure-Syslog-on-ASA.html
-- https://www.cisco.com/c/en/us/support/security/adaptive-security-appliance-asa-software/series.html
-- https://www.cisco.com/c/en/us/support/web/tsd-products-support-series-home.html#~security
-- https://blog.talosintelligence.com
+- https://www.cisco.com/site/us/en/products/security/firewalls/adaptive-security-appliance-asa-software/index.html
+- https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks
 tags:
   category:
   - Adversary Tactics
