From fe2e99f4af5d4da12303a464097528d19836b027 Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Thu, 25 Sep 2025 12:34:31 -0700 Subject: [PATCH 1/5] updating datasets --- datasets/cisco_asa/arcane_door/cisco_asa.txt | 287 +++++++++++++++++++ datasets/cisco_asa/arcane_door/cisco_asa.yml | 13 + 2 files changed, 300 insertions(+) create mode 100644 datasets/cisco_asa/arcane_door/cisco_asa.txt create mode 100644 datasets/cisco_asa/arcane_door/cisco_asa.yml diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.txt b/datasets/cisco_asa/arcane_door/cisco_asa.txt new file mode 100644 index 00000000..43496ae3 --- /dev/null +++ b/datasets/cisco_asa/arcane_door/cisco_asa.txt @@ -0,0 +1,287 @@ +Sep 23 18:13:32 18.144.133.67 :2025-09-23T18:13:31Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show checkheaps +Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging emblem' +Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111008: User 'admin' executed the 'logging emblem' command. +Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging debug-trace' +Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111008: User 'admin' executed the 'logging debug-trace' command. +Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging standby' +Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111008: User 'admin' executed the 'logging standby' command. +Sep 23 18:08:24 18.144.133.67 :2025-09-23T18:08:23Z: %ASA-config-7-111009: User 'admin' executed cmd: show memory +Sep 23 18:07:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show logging message all +Sep 23 18:07:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics +Sep 23 18:07:02 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics +Sep 23 18:06:51 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show arp +Sep 23 18:06:23 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics +Sep 23 18:06:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show jumbo-frame reservation +Sep 23 18:06:17 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics +Sep 23 18:06:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show ip address management +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config hpm +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config dynamic-filter +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config threat-detection +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config sla monitor +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config track +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config interface +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config route +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config +Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config +Sep 23 18:06:08 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config aaa authorization +Sep 23 18:06:05 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'write memory' +Sep 23 18:06:05 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'write memory' command. +Sep 23 18:06:02 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show arp +Sep 23 18:05:49 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics +Sep 23 18:05:43 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show cluster info +Sep 23 18:05:41 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show cluster interface-mode +Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show mode +Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show firewall +Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show asdm sessions +Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'perfmon interval 10' command. +Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show curpriv +Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show version +Sep 23 18:03:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'write memory' +Sep 23 18:03:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'write memory' command. +Sep 23 18:02:28 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'checkheaps check-interval 0' +Sep 23 18:02:28 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'checkheaps check-interval 0' command. +Sep 23 18:02:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'configure terminal' +Sep 23 18:02:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'configure terminal' command. +Sep 23 17:59:42 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show checkheaps +Sep 23 17:56:05 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'copy /pcap capture:CAP tftp:' command. +Sep 23 17:54:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'logging on' +Sep 23 17:54:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'logging on' command. +Sep 23 17:43:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'no logging on' +Sep 23 17:43:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'no logging on' command. +Sep 23 17:42:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'logging on' +Sep 23 17:42:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'logging on' command. +Sep 23 16:54:34 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging enable' +Sep 23 16:54:34 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging enable' command. +Sep 23 16:39:14 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'configure terminal' command. +Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging message 103012 standby' +Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging message 103012 standby' command. +Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging message 103012' +Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging message 103012' command. +Sep 23 16:31:54 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show version +Sep 23 16:31:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show version +Sep 23 16:31:04 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show version +Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging debug-trace' +Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging debug-trace' command. +Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging standby' +Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging standby' command. +Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging enable' +Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging enable' command. +Sep 23 16:16:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging enable' +Sep 23 16:16:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging enable' command. +Sep 23 16:16:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show memory +Sep 23 16:13:25 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics +Sep 22 22:19:37 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show logging message all +Sep 22 22:17:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging console Debugging' +Sep 22 22:17:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging console Debugging' command. +Sep 22 22:16:53 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging trap Debugging' +Sep 22 22:16:53 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging trap Debugging' command. +Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'dir disk0:/dap.xml' +Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'dir disk0:/dap.xml' command. +Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'show running-config all ipv6' +Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'show running-config all ipv6' command. +Sep 22 22:16:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'configure term' command. +Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'dir disk0:/dap.xml' +Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'dir disk0:/dap.xml' command. +Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'show running-config all ipv6' +Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'show running-config all ipv6' command. +Sep 22 22:13:14 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'configure term' command. +Sep 23 19:27:50 18.144.133.67 :2025-09-23T19:27:49Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 19:25:48 18.144.133.67 :2025-09-23T19:25:48Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:05:58 +Sep 23 19:21:57 18.144.133.67 :2025-09-23T19:21:57Z: %ASA-session-7-609002: Teardown local-host management:172.31.0.1 duration 0:02:01 +Sep 23 19:19:49 18.144.133.67 :2025-09-23T19:19:49Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 19:17:48 18.144.133.67 :2025-09-23T19:17:47Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 19:15:46 18.144.133.67 :2025-09-23T19:15:46Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 +Sep 23 19:11:49 18.144.133.67 :2025-09-23T19:11:48Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 19:09:47 18.144.133.67 :2025-09-23T19:09:47Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 19:07:46 18.144.133.67 :2025-09-23T19:07:45Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 19:05:44 18.144.133.67 :2025-09-23T19:05:44Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 +Sep 23 19:01:47 18.144.133.67 :2025-09-23T19:01:46Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:59:45 18.144.133.67 :2025-09-23T18:59:45Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:57:44 18.144.133.67 :2025-09-23T18:57:43Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:55:43 18.144.133.67 :2025-09-23T18:55:42Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:05:58 +Sep 23 18:51:57 18.144.133.67 :2025-09-23T18:51:56Z: %ASA-session-7-609002: Teardown local-host management:172.31.0.1 duration 0:02:01 +Sep 23 18:49:44 18.144.133.67 :2025-09-23T18:49:43Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:47:42 18.144.133.67 :2025-09-23T18:47:42Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:45:41 18.144.133.67 :2025-09-23T18:45:40Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 +Sep 23 18:41:43 18.144.133.67 :2025-09-23T18:41:43Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:39:42 18.144.133.67 :2025-09-23T18:39:41Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:37:40 18.144.133.67 :2025-09-23T18:37:40Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:35:39 18.144.133.67 :2025-09-23T18:35:38Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 +Sep 23 18:31:41 18.144.133.67 :2025-09-23T18:31:41Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:29:40 18.144.133.67 :2025-09-23T18:29:39Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:27:38 18.144.133.67 :2025-09-23T18:27:38Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:25:37 18.144.133.67 :2025-09-23T18:25:36Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:40 +Sep 23 18:21:57 18.144.133.67 :2025-09-23T18:21:56Z: %ASA-session-7-609002: Teardown local-host management:172.31.0.1 duration 0:02:01 +Sep 23 18:21:57 18.144.133.67 :2025-09-23T18:21:56Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:18 +Sep 23 18:19:38 18.144.133.67 :2025-09-23T18:19:37Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:17:36 18.144.133.67 :2025-09-23T18:17:36Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:15:35 18.144.133.67 :2025-09-23T18:15:34Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:04 +Sep 23 18:12:30 18.144.133.67 :2025-09-23T18:12:30Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 +Sep 23 18:10:29 18.144.133.67 :2025-09-23T18:10:28Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:16:07 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55608 to management:172.31.12.229/443 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55608 to management:172.31.12.229/443 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302014: Teardown TCP connection 2019 for management:198.27.166.158/55608 to identity:172.31.12.229/443 duration 0:00:00 bytes 1285 TCP Reset-O from identity -1 -1 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302013: Built inbound TCP connection 2019 for management:198.27.166.158/55608 (198.27.166.158/55608) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55607 to management:172.31.12.229/443 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55607 to management:172.31.12.229/443 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302014: Teardown TCP connection 2018 for management:198.27.166.158/55607 to identity:172.31.12.229/443 duration 0:00:00 bytes 1585 TCP Reset-O from identity -1 -1 +Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302013: Built inbound TCP connection 2018 for management:198.27.166.158/55607 (198.27.166.158/55607) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:46Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55529 to management:172.31.12.229/443 +Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:46Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55529 to management:172.31.12.229/443 +Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:46Z: %ASA-session-6-302014: Teardown TCP connection 2017 for management:198.27.166.158/55529 to identity:172.31.12.229/443 duration 0:00:00 bytes 230268 TCP Reset-O from identity -1 -1 +Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:45Z: %ASA-session-6-302013: Built inbound TCP connection 2017 for management:198.27.166.158/55529 (198.27.166.158/55529) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55517 to management:172.31.12.229/443 +Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55517 to management:172.31.12.229/443 +Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-6-302014: Teardown TCP connection 2016 for management:198.27.166.158/55517 to identity:172.31.12.229/443 duration 0:00:00 bytes 954 TCP Reset-O from identity -1 -1 +Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-6-302013: Built inbound TCP connection 2016 for management:198.27.166.158/55517 (198.27.166.158/55517) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443 +Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443 +Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-6-302014: Teardown TCP connection 2015 for management:198.27.166.158/55508 to identity:172.31.12.229/443 duration 0:00:00 bytes 953 TCP Reset-O from identity -1 -1 +Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443 +Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-6-302013: Built inbound TCP connection 2015 for management:198.27.166.158/55508 (198.27.166.158/55508) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 +Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 +Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 +Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 +Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-6-302014: Teardown TCP connection 2014 for management:198.27.166.158/55497 to identity:172.31.12.229/443 duration 0:00:00 bytes 1082 TCP Reset-O from identity -1 -1 +Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-6-302013: Built inbound TCP connection 2014 for management:198.27.166.158/55497 (198.27.166.158/55497) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55482 to management:172.31.12.229/443 +Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55482 to management:172.31.12.229/443 +Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-6-302014: Teardown TCP connection 2013 for management:198.27.166.158/55482 to identity:172.31.12.229/443 duration 0:00:00 bytes 955 TCP Reset-O from identity -1 -1 +Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-6-302013: Built inbound TCP connection 2013 for management:198.27.166.158/55482 (198.27.166.158/55482) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:04Z: %ASA-session-6-302014: Teardown TCP connection 2012 for management:198.27.166.158/55479 to identity:172.31.12.229/443 duration 0:00:00 bytes 1020 TCP FINs from identity -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2012 for management:198.27.166.158/55479 (198.27.166.158/55479) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55478 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55478 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2011 for management:198.27.166.158/55478 to identity:172.31.12.229/443 duration 0:00:00 bytes 955 TCP Reset-O from identity -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2011 for management:198.27.166.158/55478 (198.27.166.158/55478) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55477 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55477 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2010 for management:198.27.166.158/55477 to identity:172.31.12.229/443 duration 0:00:00 bytes 1453 TCP Reset-O from identity -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55476 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55476 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2009 for management:198.27.166.158/55476 to identity:172.31.12.229/443 duration 0:00:00 bytes 1307 TCP Reset-O from identity -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2010 for management:198.27.166.158/55477 (198.27.166.158/55477) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2009 for management:198.27.166.158/55476 (198.27.166.158/55476) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55475 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55475 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2008 for management:198.27.166.158/55475 to identity:172.31.12.229/443 duration 0:00:00 bytes 1022 TCP Reset-O from identity -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2008 for management:198.27.166.158/55475 (198.27.166.158/55475) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55473 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55473 to management:172.31.12.229/443 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2007 for management:198.27.166.158/55473 to identity:172.31.12.229/443 duration 0:00:00 bytes 1252 TCP Reset-O from identity -1 -1 +Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2007 for management:198.27.166.158/55473 (198.27.166.158/55473) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55470 to management:172.31.12.229/443 +Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55470 to management:172.31.12.229/443 +Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-6-302014: Teardown TCP connection 2006 for management:198.27.166.158/55470 to identity:172.31.12.229/443 duration 0:00:00 bytes 1082 TCP Reset-O from identity -1 -1 +Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-6-302013: Built inbound TCP connection 2006 for management:198.27.166.158/55470 (198.27.166.158/55470) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55464 to management:172.31.12.229/443 +Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55464 to management:172.31.12.229/443 +Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55464 to management:172.31.12.229/443 +Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-6-302014: Teardown TCP connection 2005 for management:198.27.166.158/55464 to identity:172.31.12.229/443 duration 0:00:00 bytes 954 TCP Reset-O from identity -1 -1 +Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-6-302013: Built inbound TCP connection 2005 for management:198.27.166.158/55464 (198.27.166.158/55464) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:35 18.144.133.67 :2025-09-23T18:05:34Z: %ASA-session-6-302014: Teardown TCP connection 2004 for management:198.27.166.158/55462 to identity:172.31.12.229/443 duration 0:00:09 bytes 1022 TCP FINs from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55451 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55449 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55455 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1999 for management:198.27.166.158/55457 to identity:172.31.12.229/443 duration 0:00:00 bytes 1432 TCP Reset-I from management -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2004 for management:198.27.166.158/55462 (198.27.166.158/55462) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1998 for management:198.27.166.158/55456 to identity:172.31.12.229/443 duration 0:00:00 bytes 1420 TCP Reset-I from management -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1995 for management:198.27.166.158/55453 to identity:172.31.12.229/443 duration 0:00:00 bytes 1437 TCP Reset-I from management -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55451 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1993 for management:198.27.166.158/55451 to identity:172.31.12.229/443 duration 0:00:00 bytes 1369 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55450 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55450 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1992 for management:198.27.166.158/55450 to identity:172.31.12.229/443 duration 0:00:00 bytes 2813 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55448 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55448 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1990 for management:198.27.166.158/55448 to identity:172.31.12.229/443 duration 0:00:00 bytes 1001 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55449 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1991 for management:198.27.166.158/55449 to identity:172.31.12.229/443 duration 0:00:00 bytes 955 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55458 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55458 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2000 for management:198.27.166.158/55458 to identity:172.31.12.229/443 duration 0:00:00 bytes 1451 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55455 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1997 for management:198.27.166.158/55455 to identity:172.31.12.229/443 duration 0:00:00 bytes 1102 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55461 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55461 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2003 for management:198.27.166.158/55461 to identity:172.31.12.229/443 duration 0:00:00 bytes 1136 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2003 for management:198.27.166.158/55461 (198.27.166.158/55461) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55460 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55460 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55460 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2002 for management:198.27.166.158/55460 to identity:172.31.12.229/443 duration 0:00:00 bytes 1136 TCP Reset-O from identity -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2002 for management:198.27.166.158/55460 (198.27.166.158/55460) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55459 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55459 to management:172.31.12.229/443 +Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2001 for management:198.27.166.158/55459 to identity:172.31.12.229/443 duration 0:00:00 bytes 1092 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2001 for management:198.27.166.158/55459 (198.27.166.158/55459) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2000 for management:198.27.166.158/55458 (198.27.166.158/55458) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1999 for management:198.27.166.158/55457 (198.27.166.158/55457) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1998 for management:198.27.166.158/55456 (198.27.166.158/55456) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1997 for management:198.27.166.158/55455 (198.27.166.158/55455) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55454 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55454 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55454 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1996 for management:198.27.166.158/55454 to identity:172.31.12.229/443 duration 0:00:00 bytes 1034 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1996 for management:198.27.166.158/55454 (198.27.166.158/55454) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1995 for management:198.27.166.158/55453 (198.27.166.158/55453) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55447 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55447 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1989 for management:198.27.166.158/55447 to identity:172.31.12.229/443 duration 0:00:00 bytes 18996 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55452 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55452 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1994 for management:198.27.166.158/55452 to identity:172.31.12.229/443 duration 0:00:00 bytes 1452 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1994 for management:198.27.166.158/55452 (198.27.166.158/55452) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1993 for management:198.27.166.158/55451 (198.27.166.158/55451) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1992 for management:198.27.166.158/55450 (198.27.166.158/55450) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1991 for management:198.27.166.158/55449 (198.27.166.158/55449) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1990 for management:198.27.166.158/55448 (198.27.166.158/55448) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55446 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1989 for management:198.27.166.158/55447 (198.27.166.158/55447) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55446 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1988 for management:198.27.166.158/55446 to identity:172.31.12.229/443 duration 0:00:00 bytes 1022 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1988 for management:198.27.166.158/55446 (198.27.166.158/55446) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55445 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55445 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1987 for management:198.27.166.158/55445 to identity:172.31.12.229/443 duration 0:00:00 bytes 4185 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1987 for management:198.27.166.158/55445 (198.27.166.158/55445) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55444 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55444 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1986 for management:198.27.166.158/55444 to identity:172.31.12.229/443 duration 0:00:00 bytes 1053 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55443 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55443 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1985 for management:198.27.166.158/55443 to identity:172.31.12.229/443 duration 0:00:00 bytes 1052 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1986 for management:198.27.166.158/55444 (198.27.166.158/55444) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1985 for management:198.27.166.158/55443 (198.27.166.158/55443) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55442 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55442 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1984 for management:198.27.166.158/55442 to identity:172.31.12.229/443 duration 0:00:00 bytes 1023 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55441 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55441 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1983 for management:198.27.166.158/55441 to identity:172.31.12.229/443 duration 0:00:00 bytes 953 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1984 for management:198.27.166.158/55442 (198.27.166.158/55442) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1981 for management:198.27.166.158/55439 to identity:172.31.12.229/443 duration 0:00:00 bytes 1003 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1983 for management:198.27.166.158/55441 (198.27.166.158/55441) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1982 for management:198.27.166.158/55440 (198.27.166.158/55440) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1981 for management:198.27.166.158/55439 (198.27.166.158/55439) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55438 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55438 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1980 for management:198.27.166.158/55438 to identity:172.31.12.229/443 duration 0:00:00 bytes 1188 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55437 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1980 for management:198.27.166.158/55438 (198.27.166.158/55438) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55437 to management:172.31.12.229/443 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1979 for management:198.27.166.158/55437 to identity:172.31.12.229/443 duration 0:00:00 bytes 1433 TCP Reset-O from identity -1 -1 +Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1979 for management:198.27.166.158/55437 (198.27.166.158/55437) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55436 to management:172.31.12.229/443 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55436 to management:172.31.12.229/443 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1978 for management:198.27.166.158/55436 to identity:172.31.12.229/443 duration 0:00:00 bytes 1136 TCP Reset-O from identity -1 -1 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1978 for management:198.27.166.158/55436 (198.27.166.158/55436) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1977 for management:198.27.166.158/55435 (198.27.166.158/55435) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55434 to management:172.31.12.229/443 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55433 to management:172.31.12.229/443 +Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55433 to management:172.31.12.229/443 \ No newline at end of file diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.yml b/datasets/cisco_asa/arcane_door/cisco_asa.yml new file mode 100644 index 00000000..9ba61e8e --- /dev/null +++ b/datasets/cisco_asa/arcane_door/cisco_asa.yml @@ -0,0 +1,13 @@ +author: Bhavin Patel, Micheal Haag, Splunk +id: 9e3e8683-75ab-44eb-9c4f-a247fa02d852 +date: '2025-09-23' +description: Generated datasets for for Cisco ASA using manual simulation for ArcaneDoor behavior +environment: attack_range +directory: cisco_asa +mitre_technique: +- T1573 +datasets: +- name: cisco_asa + path: data/cisco_asa/cisco_asa.txt + sourcetype: cisco:asa + source: not_applicable \ No newline at end of file From f42d032ed797b490d25291c70c9749450b241b7e Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Thu, 25 Sep 2025 12:43:34 -0700 Subject: [PATCH 2/5] lfs --- datasets/cisco_asa/arcane_door/cisco_asa.log | 3 + datasets/cisco_asa/arcane_door/cisco_asa.txt | 287 ------------------- 2 files changed, 3 insertions(+), 287 deletions(-) create mode 100644 datasets/cisco_asa/arcane_door/cisco_asa.log delete mode 100644 datasets/cisco_asa/arcane_door/cisco_asa.txt diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.log b/datasets/cisco_asa/arcane_door/cisco_asa.log new file mode 100644 index 00000000..0d81c595 --- /dev/null +++ b/datasets/cisco_asa/arcane_door/cisco_asa.log @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:68b6e750f38b69f002e99c598226a6524ddc6a968e922070df01ff9899a4e483 +size 48492 diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.txt b/datasets/cisco_asa/arcane_door/cisco_asa.txt deleted file mode 100644 index 43496ae3..00000000 --- a/datasets/cisco_asa/arcane_door/cisco_asa.txt +++ /dev/null @@ -1,287 +0,0 @@ -Sep 23 18:13:32 18.144.133.67 :2025-09-23T18:13:31Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show checkheaps -Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging emblem' -Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111008: User 'admin' executed the 'logging emblem' command. -Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging debug-trace' -Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111008: User 'admin' executed the 'logging debug-trace' command. -Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging standby' -Sep 23 18:08:27 18.144.133.67 :2025-09-23T18:08:27Z: %ASA-config-5-111008: User 'admin' executed the 'logging standby' command. -Sep 23 18:08:24 18.144.133.67 :2025-09-23T18:08:23Z: %ASA-config-7-111009: User 'admin' executed cmd: show memory -Sep 23 18:07:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show logging message all -Sep 23 18:07:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics -Sep 23 18:07:02 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics -Sep 23 18:06:51 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show arp -Sep 23 18:06:23 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics -Sep 23 18:06:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show jumbo-frame reservation -Sep 23 18:06:17 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics -Sep 23 18:06:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show ip address management -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config hpm -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config dynamic-filter -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config threat-detection -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config sla monitor -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config track -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config interface -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config route -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config -Sep 23 18:06:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config -Sep 23 18:06:08 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show running-config aaa authorization -Sep 23 18:06:05 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'write memory' -Sep 23 18:06:05 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'write memory' command. -Sep 23 18:06:02 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show arp -Sep 23 18:05:49 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics -Sep 23 18:05:43 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show cluster info -Sep 23 18:05:41 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show cluster interface-mode -Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show mode -Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show firewall -Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show asdm sessions -Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'perfmon interval 10' command. -Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show curpriv -Sep 23 18:05:35 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show version -Sep 23 18:03:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'write memory' -Sep 23 18:03:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'write memory' command. -Sep 23 18:02:28 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'checkheaps check-interval 0' -Sep 23 18:02:28 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'checkheaps check-interval 0' command. -Sep 23 18:02:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'configure terminal' -Sep 23 18:02:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'configure terminal' command. -Sep 23 17:59:42 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show checkheaps -Sep 23 17:56:05 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'copy /pcap capture:CAP tftp:' command. -Sep 23 17:54:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'logging on' -Sep 23 17:54:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'logging on' command. -Sep 23 17:43:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'no logging on' -Sep 23 17:43:19 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'no logging on' command. -Sep 23 17:42:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'enable_15', running 'CLI' from IP 0.0.0.0, executed 'logging on' -Sep 23 17:42:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'logging on' command. -Sep 23 16:54:34 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging enable' -Sep 23 16:54:34 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging enable' command. -Sep 23 16:39:14 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'enable_15' executed the 'configure terminal' command. -Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging message 103012 standby' -Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging message 103012 standby' command. -Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging message 103012' -Sep 23 16:34:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging message 103012' command. -Sep 23 16:31:54 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show version -Sep 23 16:31:20 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show version -Sep 23 16:31:04 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'enable_15' executed cmd: show version -Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging debug-trace' -Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging debug-trace' command. -Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging standby' -Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging standby' command. -Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging enable' -Sep 23 16:26:48 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging enable' command. -Sep 23 16:16:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'no logging enable' -Sep 23 16:16:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'no logging enable' command. -Sep 23 16:16:24 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show memory -Sep 23 16:13:25 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show service-policy user-statistics -Sep 22 22:19:37 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-7-111009: User 'admin' executed cmd: show logging message all -Sep 22 22:17:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging console Debugging' -Sep 22 22:17:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging console Debugging' command. -Sep 22 22:16:53 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'N/A' from IP 198.27.166.158, executed 'logging trap Debugging' -Sep 22 22:16:53 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'logging trap Debugging' command. -Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'dir disk0:/dap.xml' -Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'dir disk0:/dap.xml' command. -Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'show running-config all ipv6' -Sep 22 22:16:13 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'show running-config all ipv6' command. -Sep 22 22:16:12 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'configure term' command. -Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'dir disk0:/dap.xml' -Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'dir disk0:/dap.xml' command. -Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111010: User 'admin', running 'CLI' from IP 0.0.0.0, executed 'show running-config all ipv6' -Sep 22 22:13:15 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'show running-config all ipv6' command. -Sep 22 22:13:14 18.144.133.67 :2025-09-22T21:35:42Z: %ASA-config-5-111008: User 'admin' executed the 'configure term' command. -Sep 23 19:27:50 18.144.133.67 :2025-09-23T19:27:49Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 19:25:48 18.144.133.67 :2025-09-23T19:25:48Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:05:58 -Sep 23 19:21:57 18.144.133.67 :2025-09-23T19:21:57Z: %ASA-session-7-609002: Teardown local-host management:172.31.0.1 duration 0:02:01 -Sep 23 19:19:49 18.144.133.67 :2025-09-23T19:19:49Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 19:17:48 18.144.133.67 :2025-09-23T19:17:47Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 19:15:46 18.144.133.67 :2025-09-23T19:15:46Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 -Sep 23 19:11:49 18.144.133.67 :2025-09-23T19:11:48Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 19:09:47 18.144.133.67 :2025-09-23T19:09:47Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 19:07:46 18.144.133.67 :2025-09-23T19:07:45Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 19:05:44 18.144.133.67 :2025-09-23T19:05:44Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 -Sep 23 19:01:47 18.144.133.67 :2025-09-23T19:01:46Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:59:45 18.144.133.67 :2025-09-23T18:59:45Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:57:44 18.144.133.67 :2025-09-23T18:57:43Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:55:43 18.144.133.67 :2025-09-23T18:55:42Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:05:58 -Sep 23 18:51:57 18.144.133.67 :2025-09-23T18:51:56Z: %ASA-session-7-609002: Teardown local-host management:172.31.0.1 duration 0:02:01 -Sep 23 18:49:44 18.144.133.67 :2025-09-23T18:49:43Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:47:42 18.144.133.67 :2025-09-23T18:47:42Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:45:41 18.144.133.67 :2025-09-23T18:45:40Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 -Sep 23 18:41:43 18.144.133.67 :2025-09-23T18:41:43Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:39:42 18.144.133.67 :2025-09-23T18:39:41Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:37:40 18.144.133.67 :2025-09-23T18:37:40Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:35:39 18.144.133.67 :2025-09-23T18:35:38Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:57 -Sep 23 18:31:41 18.144.133.67 :2025-09-23T18:31:41Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:29:40 18.144.133.67 :2025-09-23T18:29:39Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:27:38 18.144.133.67 :2025-09-23T18:27:38Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:25:37 18.144.133.67 :2025-09-23T18:25:36Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:40 -Sep 23 18:21:57 18.144.133.67 :2025-09-23T18:21:56Z: %ASA-session-7-609002: Teardown local-host management:172.31.0.1 duration 0:02:01 -Sep 23 18:21:57 18.144.133.67 :2025-09-23T18:21:56Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:18 -Sep 23 18:19:38 18.144.133.67 :2025-09-23T18:19:37Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:17:36 18.144.133.67 :2025-09-23T18:17:36Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:15:35 18.144.133.67 :2025-09-23T18:15:34Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:03:04 -Sep 23 18:12:30 18.144.133.67 :2025-09-23T18:12:30Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:02:01 -Sep 23 18:10:29 18.144.133.67 :2025-09-23T18:10:28Z: %ASA-session-7-609002: Teardown local-host management:54.245.234.201 duration 0:16:07 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55608 to management:172.31.12.229/443 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55608 to management:172.31.12.229/443 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302014: Teardown TCP connection 2019 for management:198.27.166.158/55608 to identity:172.31.12.229/443 duration 0:00:00 bytes 1285 TCP Reset-O from identity -1 -1 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302013: Built inbound TCP connection 2019 for management:198.27.166.158/55608 (198.27.166.158/55608) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55607 to management:172.31.12.229/443 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55607 to management:172.31.12.229/443 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302014: Teardown TCP connection 2018 for management:198.27.166.158/55607 to identity:172.31.12.229/443 duration 0:00:00 bytes 1585 TCP Reset-O from identity -1 -1 -Sep 23 18:08:22 18.144.133.67 :2025-09-23T18:08:22Z: %ASA-session-6-302013: Built inbound TCP connection 2018 for management:198.27.166.158/55607 (198.27.166.158/55607) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:46Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55529 to management:172.31.12.229/443 -Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:46Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55529 to management:172.31.12.229/443 -Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:46Z: %ASA-session-6-302014: Teardown TCP connection 2017 for management:198.27.166.158/55529 to identity:172.31.12.229/443 duration 0:00:00 bytes 230268 TCP Reset-O from identity -1 -1 -Sep 23 18:07:46 18.144.133.67 :2025-09-23T18:07:45Z: %ASA-session-6-302013: Built inbound TCP connection 2017 for management:198.27.166.158/55529 (198.27.166.158/55529) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55517 to management:172.31.12.229/443 -Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55517 to management:172.31.12.229/443 -Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-6-302014: Teardown TCP connection 2016 for management:198.27.166.158/55517 to identity:172.31.12.229/443 duration 0:00:00 bytes 954 TCP Reset-O from identity -1 -1 -Sep 23 18:07:11 18.144.133.67 :2025-09-23T18:07:11Z: %ASA-session-6-302013: Built inbound TCP connection 2016 for management:198.27.166.158/55517 (198.27.166.158/55517) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443 -Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443 -Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-6-302014: Teardown TCP connection 2015 for management:198.27.166.158/55508 to identity:172.31.12.229/443 duration 0:00:00 bytes 953 TCP Reset-O from identity -1 -1 -Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55508 to management:172.31.12.229/443 -Sep 23 18:07:00 18.144.133.67 :2025-09-23T18:07:00Z: %ASA-session-6-302013: Built inbound TCP connection 2015 for management:198.27.166.158/55508 (198.27.166.158/55508) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 -Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 -Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 -Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55497 to management:172.31.12.229/443 -Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-6-302014: Teardown TCP connection 2014 for management:198.27.166.158/55497 to identity:172.31.12.229/443 duration 0:00:00 bytes 1082 TCP Reset-O from identity -1 -1 -Sep 23 18:06:49 18.144.133.67 :2025-09-23T18:06:49Z: %ASA-session-6-302013: Built inbound TCP connection 2014 for management:198.27.166.158/55497 (198.27.166.158/55497) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55482 to management:172.31.12.229/443 -Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55482 to management:172.31.12.229/443 -Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-6-302014: Teardown TCP connection 2013 for management:198.27.166.158/55482 to identity:172.31.12.229/443 duration 0:00:00 bytes 955 TCP Reset-O from identity -1 -1 -Sep 23 18:06:06 18.144.133.67 :2025-09-23T18:06:05Z: %ASA-session-6-302013: Built inbound TCP connection 2013 for management:198.27.166.158/55482 (198.27.166.158/55482) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:04Z: %ASA-session-6-302014: Teardown TCP connection 2012 for management:198.27.166.158/55479 to identity:172.31.12.229/443 duration 0:00:00 bytes 1020 TCP FINs from identity -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2012 for management:198.27.166.158/55479 (198.27.166.158/55479) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55478 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55478 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2011 for management:198.27.166.158/55478 to identity:172.31.12.229/443 duration 0:00:00 bytes 955 TCP Reset-O from identity -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2011 for management:198.27.166.158/55478 (198.27.166.158/55478) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55477 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55477 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2010 for management:198.27.166.158/55477 to identity:172.31.12.229/443 duration 0:00:00 bytes 1453 TCP Reset-O from identity -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55476 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55476 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2009 for management:198.27.166.158/55476 to identity:172.31.12.229/443 duration 0:00:00 bytes 1307 TCP Reset-O from identity -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2010 for management:198.27.166.158/55477 (198.27.166.158/55477) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2009 for management:198.27.166.158/55476 (198.27.166.158/55476) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55475 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55475 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2008 for management:198.27.166.158/55475 to identity:172.31.12.229/443 duration 0:00:00 bytes 1022 TCP Reset-O from identity -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2008 for management:198.27.166.158/55475 (198.27.166.158/55475) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55473 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55473 to management:172.31.12.229/443 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302014: Teardown TCP connection 2007 for management:198.27.166.158/55473 to identity:172.31.12.229/443 duration 0:00:00 bytes 1252 TCP Reset-O from identity -1 -1 -Sep 23 18:06:04 18.144.133.67 :2025-09-23T18:06:03Z: %ASA-session-6-302013: Built inbound TCP connection 2007 for management:198.27.166.158/55473 (198.27.166.158/55473) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55470 to management:172.31.12.229/443 -Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55470 to management:172.31.12.229/443 -Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-6-302014: Teardown TCP connection 2006 for management:198.27.166.158/55470 to identity:172.31.12.229/443 duration 0:00:00 bytes 1082 TCP Reset-O from identity -1 -1 -Sep 23 18:06:01 18.144.133.67 :2025-09-23T18:06:00Z: %ASA-session-6-302013: Built inbound TCP connection 2006 for management:198.27.166.158/55470 (198.27.166.158/55470) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55464 to management:172.31.12.229/443 -Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55464 to management:172.31.12.229/443 -Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55464 to management:172.31.12.229/443 -Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-6-302014: Teardown TCP connection 2005 for management:198.27.166.158/55464 to identity:172.31.12.229/443 duration 0:00:00 bytes 954 TCP Reset-O from identity -1 -1 -Sep 23 18:05:38 18.144.133.67 :2025-09-23T18:05:38Z: %ASA-session-6-302013: Built inbound TCP connection 2005 for management:198.27.166.158/55464 (198.27.166.158/55464) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:35 18.144.133.67 :2025-09-23T18:05:34Z: %ASA-session-6-302014: Teardown TCP connection 2004 for management:198.27.166.158/55462 to identity:172.31.12.229/443 duration 0:00:09 bytes 1022 TCP FINs from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55451 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55449 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55455 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1999 for management:198.27.166.158/55457 to identity:172.31.12.229/443 duration 0:00:00 bytes 1432 TCP Reset-I from management -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2004 for management:198.27.166.158/55462 (198.27.166.158/55462) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1998 for management:198.27.166.158/55456 to identity:172.31.12.229/443 duration 0:00:00 bytes 1420 TCP Reset-I from management -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1995 for management:198.27.166.158/55453 to identity:172.31.12.229/443 duration 0:00:00 bytes 1437 TCP Reset-I from management -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55451 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1993 for management:198.27.166.158/55451 to identity:172.31.12.229/443 duration 0:00:00 bytes 1369 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55450 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55450 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1992 for management:198.27.166.158/55450 to identity:172.31.12.229/443 duration 0:00:00 bytes 2813 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55448 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55448 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1990 for management:198.27.166.158/55448 to identity:172.31.12.229/443 duration 0:00:00 bytes 1001 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55449 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1991 for management:198.27.166.158/55449 to identity:172.31.12.229/443 duration 0:00:00 bytes 955 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55458 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55458 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2000 for management:198.27.166.158/55458 to identity:172.31.12.229/443 duration 0:00:00 bytes 1451 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55455 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1997 for management:198.27.166.158/55455 to identity:172.31.12.229/443 duration 0:00:00 bytes 1102 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55461 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55461 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2003 for management:198.27.166.158/55461 to identity:172.31.12.229/443 duration 0:00:00 bytes 1136 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2003 for management:198.27.166.158/55461 (198.27.166.158/55461) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55460 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55460 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55460 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2002 for management:198.27.166.158/55460 to identity:172.31.12.229/443 duration 0:00:00 bytes 1136 TCP Reset-O from identity -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2002 for management:198.27.166.158/55460 (198.27.166.158/55460) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55459 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55459 to management:172.31.12.229/443 -Sep 23 18:05:26 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 2001 for management:198.27.166.158/55459 to identity:172.31.12.229/443 duration 0:00:00 bytes 1092 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2001 for management:198.27.166.158/55459 (198.27.166.158/55459) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 2000 for management:198.27.166.158/55458 (198.27.166.158/55458) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1999 for management:198.27.166.158/55457 (198.27.166.158/55457) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1998 for management:198.27.166.158/55456 (198.27.166.158/55456) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1997 for management:198.27.166.158/55455 (198.27.166.158/55455) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55454 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55454 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55454 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1996 for management:198.27.166.158/55454 to identity:172.31.12.229/443 duration 0:00:00 bytes 1034 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1996 for management:198.27.166.158/55454 (198.27.166.158/55454) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1995 for management:198.27.166.158/55453 (198.27.166.158/55453) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55447 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55447 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1989 for management:198.27.166.158/55447 to identity:172.31.12.229/443 duration 0:00:00 bytes 18996 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55452 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55452 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1994 for management:198.27.166.158/55452 to identity:172.31.12.229/443 duration 0:00:00 bytes 1452 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1994 for management:198.27.166.158/55452 (198.27.166.158/55452) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1993 for management:198.27.166.158/55451 (198.27.166.158/55451) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1992 for management:198.27.166.158/55450 (198.27.166.158/55450) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1991 for management:198.27.166.158/55449 (198.27.166.158/55449) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1990 for management:198.27.166.158/55448 (198.27.166.158/55448) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55446 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1989 for management:198.27.166.158/55447 (198.27.166.158/55447) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55446 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1988 for management:198.27.166.158/55446 to identity:172.31.12.229/443 duration 0:00:00 bytes 1022 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302013: Built inbound TCP connection 1988 for management:198.27.166.158/55446 (198.27.166.158/55446) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55445 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55445 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:25Z: %ASA-session-6-302014: Teardown TCP connection 1987 for management:198.27.166.158/55445 to identity:172.31.12.229/443 duration 0:00:00 bytes 4185 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1987 for management:198.27.166.158/55445 (198.27.166.158/55445) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55444 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55444 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1986 for management:198.27.166.158/55444 to identity:172.31.12.229/443 duration 0:00:00 bytes 1053 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55443 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55443 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1985 for management:198.27.166.158/55443 to identity:172.31.12.229/443 duration 0:00:00 bytes 1052 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1986 for management:198.27.166.158/55444 (198.27.166.158/55444) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1985 for management:198.27.166.158/55443 (198.27.166.158/55443) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55442 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55442 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1984 for management:198.27.166.158/55442 to identity:172.31.12.229/443 duration 0:00:00 bytes 1023 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55441 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55441 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1983 for management:198.27.166.158/55441 to identity:172.31.12.229/443 duration 0:00:00 bytes 953 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1984 for management:198.27.166.158/55442 (198.27.166.158/55442) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55439 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1981 for management:198.27.166.158/55439 to identity:172.31.12.229/443 duration 0:00:00 bytes 1003 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1983 for management:198.27.166.158/55441 (198.27.166.158/55441) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1982 for management:198.27.166.158/55440 (198.27.166.158/55440) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1981 for management:198.27.166.158/55439 (198.27.166.158/55439) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55438 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55438 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1980 for management:198.27.166.158/55438 to identity:172.31.12.229/443 duration 0:00:00 bytes 1188 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55437 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1980 for management:198.27.166.158/55438 (198.27.166.158/55438) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55437 to management:172.31.12.229/443 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1979 for management:198.27.166.158/55437 to identity:172.31.12.229/443 duration 0:00:00 bytes 1433 TCP Reset-O from identity -1 -1 -Sep 23 18:05:25 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1979 for management:198.27.166.158/55437 (198.27.166.158/55437) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55436 to management:172.31.12.229/443 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55436 to management:172.31.12.229/443 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302014: Teardown TCP connection 1978 for management:198.27.166.158/55436 to identity:172.31.12.229/443 duration 0:00:00 bytes 1136 TCP Reset-O from identity -1 -1 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1978 for management:198.27.166.158/55436 (198.27.166.158/55436) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-6-302013: Built inbound TCP connection 1977 for management:198.27.166.158/55435 (198.27.166.158/55435) to identity:172.31.12.229/443 (172.31.12.229/443) -1 -1 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55434 to management:172.31.12.229/443 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55433 to management:172.31.12.229/443 -Sep 23 18:05:24 18.144.133.67 :2025-09-23T18:05:24Z: %ASA-session-7-710005: TCP request discarded from 198.27.166.158/55433 to management:172.31.12.229/443 \ No newline at end of file From 04962db29dfa3070a792810603e3ce05e8fa5eaa Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Thu, 25 Sep 2025 12:49:44 -0700 Subject: [PATCH 3/5] updating link --- datasets/cisco_asa/arcane_door/cisco_asa.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.yml b/datasets/cisco_asa/arcane_door/cisco_asa.yml index 9ba61e8e..e69bed02 100644 --- a/datasets/cisco_asa/arcane_door/cisco_asa.yml +++ b/datasets/cisco_asa/arcane_door/cisco_asa.yml @@ -8,6 +8,6 @@ mitre_technique: - T1573 datasets: - name: cisco_asa - path: data/cisco_asa/cisco_asa.txt + path: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/cisco_asa/arcane_door/cisco_asa.log sourcetype: cisco:asa source: not_applicable \ No newline at end of file From d9cb7bd9507e4729075dba5284aa7bb24fdb9785 Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Thu, 25 Sep 2025 12:52:25 -0700 Subject: [PATCH 4/5] mitre --- datasets/cisco_asa/arcane_door/cisco_asa.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.yml b/datasets/cisco_asa/arcane_door/cisco_asa.yml index e69bed02..c091bad1 100644 --- a/datasets/cisco_asa/arcane_door/cisco_asa.yml +++ b/datasets/cisco_asa/arcane_door/cisco_asa.yml @@ -5,7 +5,7 @@ description: Generated datasets for for Cisco ASA using manual simulation for Ar environment: attack_range directory: cisco_asa mitre_technique: -- T1573 +- T1562 datasets: - name: cisco_asa path: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/cisco_asa/arcane_door/cisco_asa.log From 9cdc55f15e8a1c859e9313e48b5f907feb688581 Mon Sep 17 00:00:00 2001 From: Bhavin Patel Date: Thu, 25 Sep 2025 12:56:50 -0700 Subject: [PATCH 5/5] updating to v2 --- datasets/cisco_asa/arcane_door/cisco_asa.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/datasets/cisco_asa/arcane_door/cisco_asa.yml b/datasets/cisco_asa/arcane_door/cisco_asa.yml index c091bad1..a058214b 100644 --- a/datasets/cisco_asa/arcane_door/cisco_asa.yml +++ b/datasets/cisco_asa/arcane_door/cisco_asa.yml @@ -8,6 +8,6 @@ mitre_technique: - T1562 datasets: - name: cisco_asa - path: https://media.githubusercontent.com/media/splunk/attack_data/master/datasets/cisco_asa/arcane_door/cisco_asa.log + path: /datasets/cisco_asa/arcane_door/cisco_asa.log sourcetype: cisco:asa source: not_applicable \ No newline at end of file