Releases: CiscoSecurity/fp-05-firepower-cli
CEF Payload original packet field
Added a field to the CEF output, packetData, that carries the original packet data. The CEF standard defines no field for the actual payload, so 'packetData' must be mapped explicitly when ingesting into a SIEM solution (Sentinel, etc.); see the Sentinel CEF name mapping:
https://learn.microsoft.com/en-us/azure/sentinel/cef-name-mapping
Added an archive() function to the ./encore.sh script. It creates a compressed copy of the estreamer.log file with the system time appended to the archive filename, e.g. encore-log-10-26_15-42-27+0000UTC.tar.gz.
TCP/UDP Outputter modification
Added error handling for endpoint streaming in the TCP/UDP outputter. The core logic now loops continuously and retries the connection if the destination is lost.
Connection Data Output
v5.2.9
Fixed JSON output in several fields, including Connection Events: User Data and Iface/Egress Interface; byte-string outputs in the SSL context and id fields are now converted to regular strings.
Blocked Disposition Key Error
Fixed a "BlockedReasonId" key error present in FMC < 7.0 builds that caused the program to stop parsing during IDS enrichment.
Added additional logging to monitor process
v5.2.6 Create VERSION
Bookmark time log fix
Resolved an estreamer.log display issue in which the bookmark time was shown as zero (bookmark 1970-01-01T00:00:00) despite a valid bookmark time in the bookmark.dat file.
Offset Warnings correction
Fixed the offset warnings raised in malware events for the ingress/egress VRF fields.
Blocked Reason Disposition Bug
Fixed an issue with Metadata events (record type 112): the handler contained logic for blocked reason ids that are not defined as part of the record type.
Syntax in Default Cache File
v5.2.1 - FMC 7.2 IDS Disposition Expansion and CEF Failure for IDS Events
Expanded the disposition definitions for IDS events for FMC 7.2; this addresses a bug that caused the CEF adapter to fail on values provided outside the eStreamer specification.
v5.2.2
Corrected a syntax error in the default cache values.
Decoding for File Hash Events and additional Packet Encoding Options
Removed the byte hex encoding for file hash fields: malware event fields (records 125, 502 and 511) no longer carry the b'<file_hash>' wrapper encoding.
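Added example (not the project's code) illustrating the byte-string wrapper behind both the v5.2.9 JSON fix and this file hash fix: in Python 3, passing a bytes object through str() yields its repr, b'...', rather than the text, which is how the b'<file_hash>' wrapper reached the JSON and CEF output. The block shows the defect beside the decode fix, plus a normaliser for records already emitted by older builds; the field names sha256/md5/parentSha256 and the sample record are constructed assumptions, not the project's record layout.

```python
import json
import re

# Matches Python's repr() of a bytes object, e.g. "b'abc'" or 'b"abc"'.
# Hash fields are hex text, so the repr carries no escape sequences.
_BYTES_REPR = re.compile(r"^b(['\"])(.*)\1$", re.DOTALL)

# Field names assumed for this example; the real names are whatever the
# malware event record types (125, 502, 511) define in the parser.
HASH_FIELDS = ("sha256", "md5", "parentSha256")


def legacy_render(value):
    """Reproduces the defect: str() on bytes yields "b'...'" instead of the text."""
    return str(value)


def fixed_render(value):
    """Decode bytes to text before the value reaches the JSON/CEF outputter."""
    if isinstance(value, bytes):
        return value.decode("ascii", errors="replace")
    return value


def strip_bytes_wrapper(value):
    """Normalise a value that may still carry the b'...' wrapper from old output."""
    if isinstance(value, str):
        match = _BYTES_REPR.match(value)
        if match:
            return match.group(2)
    return value


def normalise_record(record):
    """Return a copy of a decoded event with wrapped hash fields cleaned up."""
    cleaned = dict(record)
    for field in HASH_FIELDS:
        if field in cleaned:
            cleaned[field] = strip_bytes_wrapper(cleaned[field])
    return cleaned


def normalise_json(text):
    """Parse one JSON event line from an older build and clean its hash fields."""
    return normalise_record(json.loads(text))


# Constructed sample: the SHA-256 of an empty file as the bytes the record
# parser hands back, rendered the way pre-fix builds did.
SAMPLE_HASH = b"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
LEGACY_JSON = json.dumps({"recordType": 502, "sha256": legacy_render(SAMPLE_HASH)})
```

Running normalise_json over archived output from a pre-fix build lets a SIEM ingest pipeline match hashes without the wrapper; new builds need only fixed_render at the output stage.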
Added a configuration option for packet records: you can now select whether to include the original packet (payload and packet header) in the record. This is configured with the following variable in estreamer.conf:
includeOriginalPacket: true
(see https://github.com/CiscoSecurity/fp-05-firepower-cli/blob/master/default.conf#L56 for the default setting in estreamer.conf)