Cisco - add new events #1394

Merged
merged 5 commits into from
Dec 17, 2024

lvoloshyn-sekoia
Contributor

@lvoloshyn-sekoia lvoloshyn-sekoia commented Dec 12, 2024


github-actions bot commented Dec 12, 2024

Smart descriptions generated from the latest tests at 2024-12-17 10:10:33:

| Test File | Smart Description |
| --- | --- |
| Cisco/cisco-secure-firewall/tests/test_106001.json | Connection from 172.16.10.234:901 to 192.168.122.55:111 were denied |
| Cisco/cisco-secure-firewall/tests/test_106006.json | Connection from 172.16.10.234:901 to 192.168.122.55:111 were deny |
| Cisco/cisco-secure-firewall/tests/test_430002.json | %NGIPS-1-430002: EventPriority: Low, DeviceUUID: b2433c5c-a6a1-11eb-a6e7-be0b9833091f, InstanceID: 2, FirstPacketSecond: 2021-04-30T11:31:19Z, ConnectionID: 4, AccessControlRuleAction: Allow, SrcIP: 172.16.10.10, DstIP: 172.16.20.10, ICMPType: Echo Request, ICMPCode: No Code, Protocol: icmp, IngressInterface: inside, EgressInterface: outside, ACPolicy: Default Allow All Traffic, AccessControlRuleName: test, Client: ICMP client, ApplicationProtocol: ICMP, InitiatorPackets: 1, ResponderPackets: 0, InitiatorBytes: 74, ResponderBytes: 0, NAPPolicy: Balanced Security and Connectivity |
| Cisco/cisco-secure-firewall/tests/test_430003.json | Connection from 93.157.158.93:13723 to 10.1.9.9:80 were connection-finished |
| Cisco/cisco-secure-firewall/tests/test_430005.json | Connection from 10.0.1.20:46004 to 81.2.69.144:80 were malware-detected |
| Cisco/cisco-secure-firewall/tests/test_ASA_106012.json | 192.168.122.143: IP options: "Router Alert" |
| Cisco/cisco-secure-firewall/tests/test_ASA_106015.json | Connection from 10.9.4.3:52675 to 161.5.222.141:443 were deny |
| Cisco/cisco-secure-firewall/tests/test_ASA_106023.json | Connection from 10.0.200.29:320 to 224.0.1.129:320 were deny |
| Cisco/cisco-secure-firewall/tests/test_ASA_106100.json | Connection from 10.1.0.16:42592 to 10.1.1.76:161 were permitted |
| Cisco/cisco-secure-firewall/tests/test_ASA_110003.json | %ASA-6-110003: Routing failed to locate next hop for icmp from WAN:10.11.0.2/0 to WAN:10.112.115.1/0 |
| Cisco/cisco-secure-firewall/tests/test_ASA_111007.json | %ASA-5-111007: Begin configuration: 10.24.25.21 reading from http [POST] |
| Cisco/cisco-secure-firewall/tests/test_ASA_111008.json | %ASA-5-111008: User 'admintufin' executed the 'login' command |
| Cisco/cisco-secure-firewall/tests/test_ASA_113004.json | User jdoe001566 authentication on server 10.79.48.28 success |
| Cisco/cisco-secure-firewall/tests/test_ASA_113012.json | User admintufin logged in |
| Cisco/cisco-secure-firewall/tests/test_ASA_199019.json | %ASA-7-199019: Mar 6 21:58:53 Ipc[1234]: func return 1#012 |
| Cisco/cisco-secure-firewall/tests/test_ASA_302013.json | Connection from 10.1.7.248:40454 to 10.1.0.10:53 were built |
| Cisco/cisco-secure-firewall/tests/test_ASA_302014.json | Connection from 9.27.0.93:63677 to 172.17.1.200:443 were teardown |
| Cisco/cisco-secure-firewall/tests/test_ASA_302020.json | Connection from 47.241.116.84:10800 to 10.11.0.2:0 were built |
| Cisco/cisco-secure-firewall/tests/test_ASA_302020_2.json | Connection from 1.2.3.4:1 to 1.2.3.5:0 were built |
| Cisco/cisco-secure-firewall/tests/test_ASA_302021.json | Connection from 172.16.10.208:2189 to 172.16.19.90:0 were teardown |
| Cisco/cisco-secure-firewall/tests/test_ASA_302021_2.json | Connection from 1.2.3.4:25481 to 1.2.4.3:0 were teardown |
| Cisco/cisco-secure-firewall/tests/test_ASA_302021_3.json | Connection from 1.2.3.4:14 to 172.1.1.2:0 were built |
| Cisco/cisco-secure-firewall/tests/test_ASA_302021_4.json | Connection from 1.2.3.4:14 to 172.1.1.2:0 were teardown |
| Cisco/cisco-secure-firewall/tests/test_ASA_305011.json | Connection from 10.79.16.23:35928 to 126.189.129.55:35928 were built |
| Cisco/cisco-secure-firewall/tests/test_ASA_305012.json | Connection from 10.79.16.24:55924 to 12.18.129.56:55924 were teardown |
| Cisco/cisco-secure-firewall/tests/test_ASA_313005.json | Connection for user a.smithee group LOCAL from 1.2.3.4: no matching connection |
| Cisco/cisco-secure-firewall/tests/test_ASA_313008.json | %ASA-3-313008: Denied IPv6-ICMP type=136, code=0 from fe80::f037:5fbc:b824:230d on interface NEA-FOR-WIFOR |
| Cisco/cisco-secure-firewall/tests/test_ASA_609002.json | %ASA-7-609002: Teardown local-host outside:1.2.3.4 duration 0:10:26 |
| Cisco/cisco-secure-firewall/tests/test_ASA_611101.json | User admintufin authentication: succeeded |
| Cisco/cisco-secure-firewall/tests/test_ASA_611103.json | User admintufin logged out |
| Cisco/cisco-secure-firewall/tests/test_ASA_716058.json | Connection for user Acme_account group CLIENT_VPN from 86.199.78.204: anyconnect session lost connection |
| Cisco/cisco-secure-firewall/tests/test_ASA_716059.json | Connection for user User_Acme group CLIENT_VPN from 10.17.100.175: anyconnect session resumed |
| Cisco/cisco-secure-firewall/tests/test_ASA_722011.json | Connection for user User_acme group GroupPolicy_CLIENT_VPN from 91.172.139.4: reconnecting the vpn tunnel.. |
| Cisco/cisco-secure-firewall/tests/test_ASA_722012.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 86.217.237.163: client pc is going into suspend mode (sleep, hibernate, etc).. |
| Cisco/cisco-secure-firewall/tests/test_ASA_722023.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 86.215.190.93: svc connection terminated |
| Cisco/cisco-secure-firewall/tests/test_ASA_722023_2.json | Connection for user a.smithee group GroupPolicy-CLIENT-VPN from 1.2.3.4: svc connection terminated |
| Cisco/cisco-secure-firewall/tests/test_ASA_722028.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 91.172.139.4: connection closed. |
| Cisco/cisco-secure-firewall/tests/test_ASA_722032.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 93.23.18.76: connection replacing old connection. |
| Cisco/cisco-secure-firewall/tests/test_ASA_722033.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 77.205.143.138: connection established for svc session. |
| Cisco/cisco-secure-firewall/tests/test_ASA_722034.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 109.17.100.175: connection, no existing connection. |
| Cisco/cisco-secure-firewall/tests/test_ASA_722037.json | Connection for user User_Acme group GroupPolicy_CLIENT_VPN from 92.131.212.102: closing connection |
| Cisco/cisco-secure-firewall/tests/test_ASA_725001.json | %ASA-6-725001: Starting SSL handshake with client WAN:195.101.173.60/49238 for TLS session. |
| Cisco/cisco-secure-firewall/tests/test_ASA_725002.json | %ASA-6-725002: Device completed SSL handshake with client WAN:90.114.208.186/65531 |
| Cisco/cisco-secure-firewall/tests/test_ASA_725006.json | %ASA-6-725006: Device failed SSL handshake with client WAN:195.101.173.60/49699 |
| Cisco/cisco-secure-firewall/tests/test_ASA_725007.json | 195.101.173.60: terminated |
| Cisco/cisco-secure-firewall/tests/test_ASA_733100.json | %ASA-4-733100: [scanning] drop rate-1 exceeded. Current burst rate is 8 per second, max configured rate is 10; Current average rate is 23 per second, max configured rate is 5; Cumulative total count is 14188 |
| Cisco/cisco-secure-firewall/tests/test_ASA_737016.json | %ASA-6-737016: IPAA: Freeing local pool address 192.168.122.247 |
| Cisco/cisco-secure-firewall/tests/test_ASA_852001.json | %FTD-6-852001: Received Lightweight to full proxy event from application Snort for TCP flow 1.2.3.4/10000 to 4.3.2.1/47003 |
| Cisco/cisco-secure-firewall/tests/test_FTD_109201.json | User User_Acme from 1.2.3.4: Succeeded adding entry. |
| Cisco/cisco-secure-firewall/tests/test_FTD_113004.json | User jdoe authentication on server 10.10.48.61 success |
| Cisco/cisco-secure-firewall/tests/test_FTD_113004_2.json | User User_Acme authentication on server 1.2.3.4 success |
| Cisco/cisco-secure-firewall/tests/test_FTD_113019.json | User User_Acme from 1.2.3.4: Idle Timeout |
| Cisco/cisco-secure-firewall/tests/test_FTD_113039.json | User User_Acme from 192.168.91.121: AnyConnect parent session started. |
| Cisco/cisco-secure-firewall/tests/test_FTD_430002_1.json | Connection from 1.2.3.4:63853 to 5.6.7.8:443 were connection-started |
| Cisco/cisco-secure-firewall/tests/test_FTD_430003_1.json | Connection from 1.2.3.4:56901 to 5.6.7.8:53 were connection-finished |
| Cisco/cisco-secure-firewall/tests/test_FTD_430003_2.json | Connection from 1.2.3.4:50158 to 5.6.7.8:443 were connection-finished |
| Cisco/cisco-secure-firewall/tests/test_FTD_430003_3.json | Connection from 10.55.21.168:77777 to 142.55.179.67:80 were connection-finished |
| Cisco/cisco-secure-firewall/tests/test_group_1.json | Connection for user JD34242243 group AnyConnect-SESAME from 1.2.3.4: anyconnect session lost connection |
| Cisco/cisco-secure-firewall/tests/test_group_10.json | aaa_shim_thread: Task ran for 100 msec |
| Cisco/cisco-secure-firewall/tests/test_group_1_2.json | User MyUser from 1.2.3.4: IPv4 Address <1.2.3.4> IPv6 address <::> assigned to session |
| Cisco/cisco-secure-firewall/tests/test_group_1_3.json | User MyUser from 3deb:3c5e:59d0:53ad:1115:d3d7:58da:47d6: IPv4 Address <> IPv6 address <3deb:3c5e:59d0:53ad:1115:d3d7:58da:47d6> assigned to session |
| Cisco/cisco-secure-firewall/tests/test_group_2.json | User JD34242243 from 1.2.3.4: DPD failure |
| Cisco/cisco-secure-firewall/tests/test_group_2_2.json | Group User IP <1.2.3.4> Client Type: Cisco AnyConnect VPN Agent for Windows 4.10.07061 |
| Cisco/cisco-secure-firewall/tests/test_group_2_3.json | Group User IP <1.2.3.4> Client Type: Cisco AnyConnect VPN Agent for Windows 4.10.07061 |
| Cisco/cisco-secure-firewall/tests/test_group_3.json | User JD34242243 from 1.2.3.4: Idle Timeout |
| Cisco/cisco-secure-firewall/tests/test_group_4.json | aaa_shim_thread: Task ran for 109 msec |
| Cisco/cisco-secure-firewall/tests/test_group_5.json | User JD34242243 from 1.2.3.4: No IPv6 address available for SVC connection |
| Cisco/cisco-secure-firewall/tests/test_group_6_2.json | Connection for user MyUser group AnyConnect-EXAMPLE from 1.2.3.4: anyconnect session lost connection |
| Cisco/cisco-secure-firewall/tests/test_group_7.json | User MyUser from 4.3.2.1: No IPv6 address available for SVC connection |
| Cisco/cisco-secure-firewall/tests/test_group_9.json | User JOHN DOE: Tunnel group search using certificate maps failed for peer certificate |

@lvoloshyn-sekoia lvoloshyn-sekoia marked this pull request as ready for review December 13, 2024 11:43
@squioc squioc force-pushed the lv/cisco_parse_anyconnect branch from ecefc9e to d84006d Compare December 17, 2024 10:03
Collaborator

@squioc squioc left a comment

LGTM

@squioc squioc merged commit 9e170ae into main Dec 17, 2024
7 checks passed