<html lang="en">
<body>

<p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 8</b><br>
		Change list:
		<ul>
			<li> Extra normalizer "ASA|FTD|FWSM" was changed. Extra normalizer name "ASA|FTD|FWSM" was changed to "ASA|FTD|FWSM|NGIPS". Additional condition "NGIPS" was added to the filter condition.</li>
			<li>Support for "NGIPS" events was added.</li>
			<li>Extra normalizer "for302014" was changed. Mapping of event field "seq_num" was changed from KUMA field "DeviceCustomNumber1" to the KUMA field "DeviceCustomString2".</li>
		</ul>
    </p>

<p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 7</b><br>
		Change list:
		<ul>
			<li>Support of additional event type was added. New regular expressions were added to the main normalizer.</li>
			<li>Extra normalizer "434001" was changed. The regular expression was changed. Positions of the capture groups "deviceOutboundInterface" and "deviceInboundInterface" were fixed. New regular expression was added.</li>
            <li>Extra normalizer "434002" was changed. The regular expression was changed. Positions of the capture groups "deviceOutboundInterface" and "deviceInboundInterface" were fixed. New regular expression was added.</li>
            <li>Extra normalizer "434003" was changed. The regular expression was changed. Positions of the capture groups "deviceOutboundInterface" and "deviceInboundInterface" were fixed. New regular expression was added.</li>
            <li>Extra normalizer "434004" was changed. The regular expression was changed. Positions of the capture groups "deviceOutboundInterface" and "deviceInboundInterface" were fixed. New regular expression was added.</li>
            <li>Extra normalizer "434007" was changed. The regular expression was changed. Positions of the capture groups "deviceOutboundInterface" and "deviceInboundInterface" were fixed. New regular expression was added.</li>
            <li>Extra normalizer "106023" was changed. New regular expression was added.</li>
			<li>Extra normalizer "for302014" was changed. New regular expressions was added.</li>
            <li>New extra normalizers were added: "106028", "110001", "305009", "305010", "212005", "305005", "106010".</li>
		</ul>
    </p>

  <p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 6</b><br>
		Change list:
		<ul>
			<li>New extra normalizer "PORT_SECURITY" was added.</li>
			<li>In the extra normalizer "Product Separation" new event enrichments were added to the KUMA fields "SourceUserName", "SourceNtDomain".</li>
			<li>Extra normalizer "305011" was changed. New regular expression was added. Event field "sUser" was mapped to the KUMA field "SourceUserName".</li>
			<li>Extra normalizer "305012" was changed. New regular expression was added. Event field "sUser" was mapped to the KUMA field "SourceUserName".</li>
			<li>Extra normalizer "302027" was changed. Event enrichment was added to the KUMA field "BytesOut" (data from the field "DeviceCustomNumber1" was mapped to the KUMA field "BytesOut").</li>
			<li>Extra normalizer "302025" was changed. Event enrichment was added to the KUMA field "BytesOut" (data from the field "DeviceCustomNumber1" was mapped to the KUMA field "BytesOut").</li>
			<li>Extra normalizer "722029|722030|722031" was changed. Mapping of event field "Out" was changed from the KUMA field "DeviceCustomString1" to "DeviceCustomString3". Event enrichment for the KUMA field "BytesOut" was added (data from the field "DeviceCustomString3" was mapped to the KUMA field "BytesOut"). Event enrichment for the field "BytesIn" was added (data from the field "DeviceCustomString1" was mapped to the KUMA field "BytesOut").</li>
		</ul>
    </p>

  <p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 5</b><br>
		Change list:
		<ul>
			<li>Regular expression in the extra normalizer "106015" was replaced.</li>
			<li>In the extra normalizer "106015" event field "sport" was mapped to the KUMA "SourcePort".</li>
		</ul>
    </p>

  <p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 4</b><br>
		Change list:
		<ul>
			<li>Support for new event types was added: "PARSER-5-CFGLOG_LOGGEDCMD", "SPAN-5-PKTCAP_START", "SPAN-SW1-5-PKTCAP_START", "MONITOR-5-ETH_SPAN_SESSION_UP", "C4K_REDUNDANCY-5-CONFIGSYNC", "AAAA-4-CLI_DEPRECATED".</li>
			<li>New extra normalizers were added: "PARSER", "SPAN", "MONITOR", "C4K_REDUNDANCY", "AAAA".</li>
			<li>New regular expressions were added to the extra normalizer «SYS».</li>
			<li>Option "Keep extra fields" was disabled for extra normalizers: "Product Separation", "ASA|FTD", "113039", "313009", "LINK", "SYS", "722029|722030|722031", "716039", "771002", "KV-part 734003", "430003|430002".</li>
		</ul>
    </p>
    
      <p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 3</b><br>
		Change list:
		<ul>
			<li>New extra normalizer was added "DHCP_SNOOPING".</li>
			<li>New extra normalizer was added "SEC".</li>
			<li>In the extra normalizer "113004" was added new regular expression.</li>
			<li>In the extra normalizer "SSH2_SESSION" was added new regular expression.</li>
			<li>In the extra normalizer "SSH2_USERAUTH" was added new regular expression.</li>
			<li>New conditions were added to the extra normalizer "SSH".</li>
			<li>New event mapping was added to the extra normalizer "717022". Event field "SN" was mapped to the KUMA field DeviceCustomString2, event field "email" was mapped to the KUMA field DeviceCustomString3, event field "cn" was mapped to the KUMA field SourceUserName. Mapping was removed from the KUMA field FlexString1.</li>
			<li>Event enrichment with constants to the DeviceCustom*label fields was removed in the extra normalizers: 106011, 111008, 111010, 113003, 113004, 113009, 113011, 113019, 210022, 302010, 303002, 313001, 313009, 502103, 602101, 606001, 606002, 711004, 716059, 717016, 717022, 717028, 717053, 720036, 720038, 720044, 720068, 720073, 721016, 721018, 722010, 722011, 722012, 722022, 722032, 722035, 722036, 722041, 722051, 722053, 722055, 733100, 734001, 737003, 737006, 737016, 737026, 737029, 737031, 737034.</li>
		</ul>
    </p>
    
    <p>
	    <b>[OOTB] Cisco ASA and IOS syslog. Version 2</b><br>
		Change list:
		<ul>
			<li>Support of event parsing from generated by Cisco Firepower Threat Defense (version 7.2) was added.</li>
			<li>New extra normalizers were added: 106016, 106017, 109201, 109207, 109210, 111009, 113015, 113028, 113034, 199016, 199017, 199018, 305006, 317077, 317078, 321006, 419003, 430002, 430003, 500003, 710006, 716039, 716047, 716603, 717025, 717029, 717030, 717036, 717038, 722029, 722030, 722031, 725004, 725008, 725010, 725011, 725012, 725014, 725017, 725021, 725022, 725023, 725024, 734002, 734003, 734004, 737001, 737035, 737200, 737201, 737400, 737401, 746012, 746013, 771002, 815004, 852001, 852002, 6414004.</li>
		</ul>
    </p>
  
  <p>
    <b>[OOTB] Cisco ASA and IOS syslog. Version 1</b><br>
   	Change list:
	<ul>
		<li>Regular expressions in the extra normalizers "302013", "for302014","302015", "302016" was fixed. Event field mapping was updated.</li>
		<li>Extra normalizer "ASA" was changed. Event enrichment for the field DeviceDirection was added (replace "outbound" with "0" and replace "inbound" with "1").</li>
		<li>Normalizer name was changed to "[OOTB] Cisco ASA and IOS syslog.</li>
		<li>Other minor improvements.</li>
  </ul>
  </p>

</body>
</html>