Merge pull request #3700 from splunk/auto-ta-update-403

patel-bhavin · web-flow · commit eb4400c1d1f0 · 2025-09-29T11:20:41.000-07:00
Automated Splunk TA Update 403
diff --git a/contentctl.yml b/contentctl.yml
@@ -249,8 +249,8 @@ apps:
 - uid: 1467
   title: Cisco Networks Add-on
   appid: TA-cisco_ios
-  version: 2.7.8
-  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/add-on-for-cisco-network-data_278.tgz
+  version: 2.7.9
+  hardcoded_path: https://attack-range-appbinaries.s3.us-west-2.amazonaws.com/add-on-for-cisco-network-data_279.tgz
 githash: d6fac80e6d50ae06b40f91519a98489d4ce3a3fd
 test_data_caches:
 - base_url: https://media.githubusercontent.com/media/splunk/attack_data/master/
diff --git a/data_sources/cisco_ios_logs.yml b/data_sources/cisco_ios_logs.yml
@@ -3,14 +3,22 @@ id: 9e4c8d7b-6f5e-4a3d-b2c1-0a9b8c7d6e5f
 version: 1
 date: '2025-08-21'
 author: Michael Haag, Splunk
-description: Data source object for Cisco IOS system logs. Cisco IOS logs provide operational and security telemetry from Cisco network devices (IOS, IOS XE, IOS XR, NX-OS, WLC, and APs). The Cisco Networks Add-on for Splunk (TA-cisco_ios) normalizes these events by setting proper sourcetypes and extracting fields for switches, routers, controllers, and access points; deploy the TA on indexers/HFs and search heads, and the Cisco Networks (cisco_ios) App on search heads. Supported platforms include Catalyst, ASR, ISR, Nexus, CRS, and other IOS-based devices, enabling consistent investigation, alerting, and reporting in Splunk Enterprise and Splunk Cloud. This data is ingested via SYSLOG.
+description: Data source object for Cisco IOS system logs. Cisco IOS logs provide
+  operational and security telemetry from Cisco network devices (IOS, IOS XE, IOS
+  XR, NX-OS, WLC, and APs). The Cisco Networks Add-on for Splunk (TA-cisco_ios) normalizes
+  these events by setting proper sourcetypes and extracting fields for switches, routers,
+  controllers, and access points; deploy the TA on indexers/HFs and search heads,
+  and the Cisco Networks (cisco_ios) App on search heads. Supported platforms include
+  Catalyst, ASR, ISR, Nexus, CRS, and other IOS-based devices, enabling consistent
+  investigation, alerting, and reporting in Splunk Enterprise and Splunk Cloud. This
+  data is ingested via SYSLOG.
 source: cisco:ios
 sourcetype: cisco:ios
 separator: null
 supported_TA:
 - name: Cisco Networks Add-on
   url: https://splunkbase.splunk.com/app/1467
-  version: 2.7.8
+  version: 2.7.9
 fields:
 - _time
 - aci_message_text
@@ -81,7 +89,8 @@ fields:
 output_fields:
 - user
 - dest
-example_log: 'Aug 20 17:10:21.639: %AAA-6-USERNAME_CONFIGURATION: user with username: attacker configured
-  Aug 20 17:10:21.664: %AAA-6-USER_PRIVILEGE_UPDATE: username: attacker privilege updated with priv-15
-  Aug 20 17:10:21.665: %PARSER-5-CFGLOG_LOGGEDCMD: User:ec2-user logged command:username attacker privilege 15 secret *
-  Aug 20 17:10:21.665: %PARSER-5-CFGLOG_LOGGEDCMD: User:ec2-user logged command:!config: USER TABLE MODIFIED'
+example_log: 'Aug 20 17:10:21.639: %AAA-6-USERNAME_CONFIGURATION: user with username:
+  attacker configured Aug 20 17:10:21.664: %AAA-6-USER_PRIVILEGE_UPDATE: username:
+  attacker privilege updated with priv-15 Aug 20 17:10:21.665: %PARSER-5-CFGLOG_LOGGEDCMD:
+  User:ec2-user logged command:username attacker privilege 15 secret * Aug 20 17:10:21.665:
+  %PARSER-5-CFGLOG_LOGGEDCMD: User:ec2-user logged command:!config: USER TABLE MODIFIED'
