RA VPN - Secure Access push security events (#1161)

patel-bhavin · web-flow · commit 16125efc83ca · 2026-04-27T22:49:27.000+05:30
* adding new events

* updating dataset
diff --git a/datasets/cisco_secure_access/firewall/firewall.yml b/datasets/cisco_secure_access/firewall/firewall.yml
@@ -30,4 +30,4 @@ datasets:
 - name: smb
   path: /datasets/cisco_secure_access/firewall/smb.log
   source: cisco_cloud_security_addon
-  sourcetype: cisco:cloud_security:firewall
+  sourcetype: cisco:cloud_security:firewall
diff --git a/datasets/cisco_secure_access/ravpn/ravpn.yml b/datasets/cisco_secure_access/ravpn/ravpn.yml
@@ -0,0 +1,14 @@
+author: Bhavin Patel, Splunk
+id: 8b2f4c1e-9a0d-4e8b-b7c3-1d2e3f4a5b6c
+date: '2026-04-27'
+description: |
+  This dataset is based on the Cisco Secure Access RAVPN security event schema and the data here is generated from various simulated activities in a controlled lab environment.
+environment: custom
+directory: cisco_secure_access/ravpn
+mitre_technique:
+  - T1110
+datasets:
+  - name: ravpn_high_auth_failures
+    path: /datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log
+    source: not_applicable
+    sourcetype: cisco:secure_access:security_events_ravpn
diff --git a/datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log b/datasets/cisco_secure_access/ravpn/ravpn_high_auth_failures.log
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:97ad279dd45620c84cd4e51e25a5158c65d0d7a034e5f532bfc611fcff17391d
+size 47899

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+version https://git-lfs.github.com/spec/v1`
	`2`	`+oid sha256:97ad279dd45620c84cd4e51e25a5158c65d0d7a034e5f532bfc611fcff17391d`
	`3`	`+size 47899`