From 3865470f2e1dcd798be723e074ca5688b92882f5 Mon Sep 17 00:00:00 2001
From: nasbench
Date: Mon, 9 Mar 2026 23:54:40 +0100
Subject: [PATCH] add more sdwan
---
 .../service_proxy_access/serviceproxy_access.log | 3 +++
 .../service_proxy_access/serviceproxy_access.yml | 12 ++++++++++++
 datasets/cisco_sd_wan/{ => vsyslog}/vsyslog.log | 0
 .../{cisco_sd_wan.yml => vsyslog/vsyslog.yml} | 4 ++--
 4 files changed, 17 insertions(+), 2 deletions(-)
 create mode 100644 datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.log
 create mode 100644 datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.yml
 rename datasets/cisco_sd_wan/{ => vsyslog}/vsyslog.log (100%)
 rename datasets/cisco_sd_wan/{cisco_sd_wan.yml => vsyslog/vsyslog.yml} (68%)
diff --git a/datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.log b/datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.log
new file mode 100644
index 00000000..5c7a85a0
--- /dev/null
+++ b/datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0a0aec7632b30669e3d2479bcf0ce2b12fee87c9fb2bd888779b703922168efc
+size 623
diff --git a/datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.yml b/datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.yml
new file mode 100644
index 00000000..21e2da19
--- /dev/null
+++ b/datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.yml
@@ -0,0 +1,12 @@
+author: Nasreddine Bencherchali
+id: 695e402a-dcab-4608-bcbf-7cd7c1a19391
+date: '2026-03-09'
+description: Cisco Catalyst SD-WAN Service Proxy access logs samples
+environment: custom
+mitre_technique:
+- T1190
+datasets:
+- name: cisco-sd-wan-service-proxy-access-logs
+ sourcetype: cisco:sdwan:access
+ source: /var/log/nms/containers/service-proxy/serviceproxy-access.log
+ path: /datasets/cisco_sd_wan/service_proxy_access/serviceproxy_access.log
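Review bot: The new `id: 695e402a-dcab-4608-bcbf-7cd7c1a19391` in serviceproxy_access.yml differs from the vsyslog dataset's `id: 694e402a-dcab-4608-bcbf-7cd7c1a19391` by a single character, which suggests it was hand-edited from the existing file rather than generated. It is unique as written, but near-identical ids are easy to confuse wherever a test or lookup is keyed on them, so a freshly generated value is safer, `id: <freshly-generated-uuid4>`. The `description` also does not say which requests in the 623-byte sample justify the `T1190` tag. A short addition such as `description: Cisco Catalyst SD-WAN Service Proxy access log samples (<activity captured, to be filled in>)` would tell an analyst replaying the log what a matching detection is expected to fire on.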
diff --git a/datasets/cisco_sd_wan/vsyslog.log b/datasets/cisco_sd_wan/vsyslog/vsyslog.log
similarity index 100%
rename from datasets/cisco_sd_wan/vsyslog.log
rename to datasets/cisco_sd_wan/vsyslog/vsyslog.log
diff --git a/datasets/cisco_sd_wan/cisco_sd_wan.yml b/datasets/cisco_sd_wan/vsyslog/vsyslog.yml
similarity index 68%
rename from datasets/cisco_sd_wan/cisco_sd_wan.yml
rename to datasets/cisco_sd_wan/vsyslog/vsyslog.yml
index 623ba5ed..0067a66e 100644
--- a/datasets/cisco_sd_wan/cisco_sd_wan.yml
+++ b/datasets/cisco_sd_wan/vsyslog/vsyslog.yml
@@ -1,7 +1,7 @@
 author: Nasreddine Bencherchali
 id: 694e402a-dcab-4608-bcbf-7cd7c1a19391
 date: '2026-03-02'
-description: Cisco Catalyst SD-WAN sample logs
+description: Cisco Catalyst SD-WAN Vsyslog sample logs
 environment: custom
 mitre_technique:
 - T1190
@@ -9,4 +9,4 @@ datasets:
 - name: cisco-sd-wan-logs
 sourcetype: cisco:sdwan:syslog
 source: /var/log/vsyslog
- path: /datasets/cisco_sd_wan/vsyslog.log
+ path: /datasets/cisco_sd_wan/vsyslog/vsyslog.log