Data Source: Cisco SD-WAN Auth Log

Description

Data source object for Cisco SD-WAN Auth logs

Details

| Property | Value |
| --- | --- |
| Source | /var/log/auth.log |
| Sourcetype | cisco:sdwan:syslog |

| Name | Technique | Type |
| --- | --- | --- |
| Cisco SD-WAN Multiple Source IP vManage Admin SSH Authentication | Active Scanning | Hunting |
| Cisco SD-WAN Multiple SSH key Authentication from Same Source | Active Scanning | Hunting |

Event Fields

- _time
- _raw

Example Log

2026-03-30T05:29:57+00:00 vsmart <auth.info> sshd[20244]: Accepted publickey for vmanage-admin from 172.161.255.29 port 37146 ssh2: RSA SHA256:KEY_2

Source: GitHub | Version: 1