Bug squashing

CSVD · Jun 14, 2020 · ddfe2af · ddfe2af
1 parent 0cfc3c9
commit ddfe2af
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 10 deletions.
diff --git a/docs/sources/Cisco/index.md b/docs/sources/Cisco/index.md
@@ -405,9 +405,9 @@ Verify timestamp, and host values match as expected
 
 | key            | sourcetype     | index          | notes          |
 |----------------|----------------|----------------|----------------|
-| cisco_wsa_l4tm    | cisco:wsa:l4tm    | netops          | None     |
-| cisco_wsa_squid    | cisco:wsa:squid    | netops          | None     |
-| cisco_wsa_squid_new    | cisco:wsa:squid:new    | netops          | None     |
+| cisco_wsa    | cisco:wsa:l4tm    | netproxy          | None     |
+| cisco_wsa    | cisco:wsa:squid    | netproxy          | None     |
+| cisco_wsa    | cisco:wsa:squid:new    | netproxy          | None     |
 
 ### Filter type
 

diff --git a/package/etc/conf.d/log_paths/lp-dell_rsa_secureid.conf.tmpl b/package/etc/conf.d/log_paths/lp-dell_rsa_secureid.conf.tmpl
@@ -101,7 +101,7 @@ log {
             set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
             r_set_splunk_dest_default(sourcetype("rsa:securid:trace"));
         };
-        parser { p_add_context_splunk(key("p_add_context_splunk")); };
+        parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         parser (compliance_meta_by_source);
         rewrite { set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG")); };
 

diff --git a/package/etc/context_templates/splunk_index.csv.example b/package/etc/context_templates/splunk_index.csv.example
@@ -1,4 +1,5 @@
 bluecoat_proxy,index,netproxy
+brocade_syslog,index,netops
 ArcSight_ArcSight,index,main
 Cyber-Ark_Vault,index,netauth
 CyberArk_PTA,index,main
@@ -9,6 +10,7 @@ checkpoint_splunk,index,netops
 checkpoint_splunk_dlp,index,netdlp
 checkpoint_splunk_email,index,email
 checkpoint_splunk_firewall,index,netfw
+checkpoint_splunk_ids,index,netids
 checkpoint_splunk_sessions,index,netops
 checkpoint_splunk_web,index,netproxy
 checkpoint_splunk,index,netops
@@ -17,25 +19,30 @@ cisco_apic_acl,index,netfw
 cisco_apic_events,index,netops
 cisco_acs,index,netauth
 cisco_asa,index,netfw
+cisco_ftd,index,netfw
 cisco_ios,index,netops
 cisco_ise,index,netauth
+cisco_meraki,index,netfw
 cisco_nx_os,index,netops
 cisco_ucm,index,main
+cisco_wsa,index,netproxy
 dell_rsa_secureid,index,netauth
 citrix_netscaler,index,netfw
 local_example,index,main
 forcepoint_webprotect,index,netproxy
 f5_bigip,index,netops
+f5_bigip_access_json,index,netops
 f5_bigip_irule,index,netops
 f5_bigip_asm,index,netwaf
 f5_bigip_nix,index,netops
 fortinet_fortios_event,index,netops
 fortinet_fortios_log,index,netops
 fortinet_fortios_traffic,index,netfw
 fortinet_fortios_utm,index,netids
-fortinet_fortweb_log,index,netops
-fortinet_fortweb_traffic,index,netfw
-fortinet_fortweb_attack,index,netids
+fortinet_fortiweb_attack,index,netids
+fortinet_fortiweb_event,index,netops
+fortinet_fortiweb_log,index,netops
+fortinet_fortiweb_traffic,index,netfw
 infoblox_dns,index,netdns
 infoblox_dhcp,index,netipam
 infoblox_threat,index,netids
@@ -70,6 +77,14 @@ sc4s_events,index,main
 sc4s_fallback,index,main
 sc4s_metrics,index,em_metrics
 symantec_ep,index,epav
+symantec_brightmail,index,email
+ubiquiti_unifi,index,netops
+ubiquiti_unifi_fw,index,netfw
+ubiquiti_unifi_link,index,netops
+ubiquiti_unifi_sudo,index,netops
+ubiquiti_unifi_switch,index,netops
+ubiquiti_unifi_threat,index,netidss
+ubiquiti_unifi_wireless,index,netops
 vmware_esx,index,main
 vmware_nsx,index,main
 vmware_vcenter,index,main

diff --git a/tests/test_cisco_wsa.py b/tests/test_cisco_wsa.py
@@ -50,7 +50,7 @@ def test_cisco_wsa_squid_11_7(record_property, setup_wordlist, get_host_key, set
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops sourcetype=\"cisco:wsa:squid:new\" _raw=\"{{ message }}\"")
+        "search index=netproxy sourcetype=\"cisco:wsa:squid:new\" _raw=\"{{ message }}\"")
     message1 = mt.render(mark="", bsd="", host="")
     search = st.render(host=host, message=message1.lstrip().replace('"','\\"'))
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -77,7 +77,7 @@ def test_cisco_wsa_squid(record_property, setup_wordlist, get_host_key, setup_sp
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops sourcetype=\"cisco:wsa:squid\" _raw=\"{{ message }}\"")
+        "search index=netproxy sourcetype=\"cisco:wsa:squid\" _raw=\"{{ message }}\"")
     message1 = mt.render(mark="", bsd="", host="")
     search = st.render(host=host, message=message1.lstrip().replace('"','\\"'))
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -103,7 +103,7 @@ def test_cisco_wsa_l4tm(record_property, setup_wordlist, get_host_key, setup_spl
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops _time={{ epoch }} sourcetype=\"cisco:wsa:l4tm\" _raw=\"{{ message }}\"")
+        "search index=netproxy _time={{ epoch }} sourcetype=\"cisco:wsa:l4tm\" _raw=\"{{ message }}\"")
 
     message1 = mt.render(mark="", bsd="", host="")
     search = st.render(epoch=epoch, host=host, message=message1.lstrip())