From 44de126725b2935c7d22bfd4d78cbb0998c422cd Mon Sep 17 00:00:00 2001
From: v-sabiraj
Date: Mon, 13 Jan 2025 23:48:05 +0530
Subject: [PATCH] updating parser

---
 .../Parsers/ASimNetworkSessionCiscoASA.yaml | 4 ++--
 .../ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml b/Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml
index ed38a10c00..90935bb37f 100644
--- a/Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml
+++ b/Parsers/ASimNetworkSession/Parsers/ASimNetworkSessionCiscoASA.yaml
@@ -246,7 +246,7 @@ ParserQuery: |
 | where DeviceVendor == "Cisco" and DeviceProduct == "ASA"
 | where DeviceEventClassID in ("106001","106006","106015","106016","106021","106022","106010","106014","106018","106023","302013","302015","302014","302016","302020","302021","710002","710003","710004","710005","106007","106017","106100","106002","106012","106013","106020")
 | lookup ActionResultLookup on DeviceEventClassID
- | project DeviceVendor, Type, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, CommunicationDirection, DestinationIP, DestinationPort, DeviceAddress, DeviceName, Message, Protocol, SourceIP, SourcePort, DeviceVersion, DeviceCustomString2, DvcAction, EventResult, TimeGenerated, DeviceAction;
+ | project DeviceVendor, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, CommunicationDirection, DestinationIP, DestinationPort, DeviceAddress, DeviceName, Message, Protocol, SourceIP, SourcePort, DeviceVersion, DeviceCustomString2, DvcAction, EventResult, TimeGenerated, DeviceAction;
 let parsedData = allLogs
 | where isnotempty(SourceIP)
 | project-rename NetworkRuleName = DeviceCustomString2,
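Review bot: Dropping `Type` from the `allLogs` projection changes the column set every later step of this parser consumes, yet the diffstat (4 insertions, 4 deletions over two files) shows no change to the parser's version/last-updated metadata in the YAML header, which ASIM parsers normally carry so consumers can track schema changes; bump it in the same commit. The subject `updating parser` also does not say why `Type` is removed — if the intent is to keep the source table name out of the normalized output, or to avoid colliding with a later `extend Type = ...`, state it, e.g. `Drop Type from CiscoASA ASim/vim NetworkSession projections`. Any reference to `Type` after `project-rename` would now fail to bind; that part of the query is outside the hunk so I cannot confirm either way. The `allLogs`/`parsedData` pipeline continues past the end of the hunk.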
@@ -256,7 +256,7 @@ ParserQuery: |
 DstPortNumber = DestinationPort;
 let unparsedData = allLogs
 | where isempty(SourceIP)
- | project DeviceVendor, Type, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, DeviceAddress, DeviceName, Message, DeviceVersion, Protocol, DvcAction, EventResult, TimeGenerated, DeviceAction;
+ | project DeviceVendor, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, DeviceAddress, DeviceName, Message, DeviceVersion, Protocol, DvcAction, EventResult, TimeGenerated, DeviceAction;
 let all_106001_alike = parsedData
 | where DeviceEventClassID in ("106001", "106006", "106015", "106016", "106021", "106022")
 | parse Message with * " interface " DstInterfaceName;
diff --git a/Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml b/Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml
index 361c1b56f6..2b17960524 100644
--- a/Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml
+++ b/Parsers/ASimNetworkSession/Parsers/vimNetworkSessionCiscoASA.yaml
@@ -288,7 +288,7 @@ ParserQuery: |
 | lookup ActionResultLookup on DeviceEventClassID
 | where ((array_length(dvcaction) == 0) or DvcAction has_any (dvcaction) or DvcAction == "")
 | where ((eventresult == "*") or EventResult == eventresult or EventResult == "")
- | project DeviceVendor, Type, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, CommunicationDirection, DestinationIP, DestinationPort, DeviceAddress, DeviceName, Message, Protocol, SourceIP, SourcePort, DeviceVersion, DeviceCustomString2, DvcAction, EventResult, TimeGenerated, DeviceAction;
+ | project DeviceVendor, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, CommunicationDirection, DestinationIP, DestinationPort, DeviceAddress, DeviceName, Message, Protocol, SourceIP, SourcePort, DeviceVersion, DeviceCustomString2, DvcAction, EventResult, TimeGenerated, DeviceAction;
 let parsedData = allLogs
 | where isnotempty(SourceIP)
 | where (isnull(dstportnumber) or (DestinationPort == dstportnumber))
@@ -312,7 +312,7 @@ ParserQuery: |
 | where Message has tostring(dstportnumber)
 and ((array_length(src_or_any) == 0 or has_any_ipv4_prefix(Message,src_or_any))
 or (array_length(dst_or_any) == 0 or has_any_ipv4_prefix(Message,dst_or_any)))
- | project DeviceVendor, Type, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, DeviceAddress, DeviceName, Message, DeviceVersion, Protocol, DvcAction, EventResult, TimeGenerated, DeviceAction;
+ | project DeviceVendor, DeviceProduct, DeviceEventClassID, LogSeverity, OriginalLogSeverity, Computer, DeviceAddress, DeviceName, Message, DeviceVersion, Protocol, DvcAction, EventResult, TimeGenerated, DeviceAction;
 let all_106001_alike = parsedData
 | where DeviceEventClassID in ("106001", "106006", "106015", "106016", "106021", "106022")
 | parse Message with * " interface " DstInterfaceName;
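Review bot: The vim parser's `allLogs` projection now omits `Type` exactly as the ASim parser's does, which keeps the two schemas aligned, but this file's version/last-updated metadata is likewise absent from the diffstat and should be bumped alongside the ASim parser so callers of the filtering (vim) variant see the same schema revision. Both `project` lists drop a column that the later `let parsedData`/`let all_106001_alike` stages may still name; please add a one-line comment above the first projection recording the reason, e.g. `// Type (source table name) intentionally not carried into the normalized schema`, so the next editor does not re-add it. Both hunks cut into the middle of the `ParserQuery` pipeline, which continues outside the diff.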