Cisco_SMA

About

The Security Management Appliance (SMA) is used to centralize services from Email Security Appliances (ESAs) and Web Security Appliances (WSAs).

Product Details

Vendor URL: Cisco Content Security Management Appliance

Product Type: Management Appliance

Product Tier: TIER III

Integration Method: SYSLOG

Integration URL: Reviewing the audit log for your organization

Requirements

Parser Details

Log Format: SYSLOG

Expected Normalization Rate: 90%

Data Label: CISCO_SMA

UDM Fields (list of all UDM fields leveraged in the Parser):

Log File Field       UDM Field
action               metadata.product_event_type
aggregator_message   metadata.description
observer             observer.hostname
process_name         metadata.description
reporting_service    principal.application
severity             security_result.severity
source_filepath      src.file.full_path
source_host          src.hostname
target_file          target.file.full_path

Product Event Types

Product Event   Description   UDM Event
All             All events    GENERIC_EVENT

Log Sample

{<14>Sep 23 00:00:59 Hostname: Info: TRANSFER: Plugin TRACKINGPLUGIN downloading from Hostname1 - /file/path/example.gz}

Sample Parsing

metadata.event_timestamp = "2022-09-23T00:00:59Z"
metadata.event_type = "GENERIC_EVENT"
metadata.product_event_type = "TRANSFER"
metadata.product_name = "Cisco SMA"
metadata.vendor_name = "Cisco"
observer.hostname = "Hostname"
principal.application = "TRACKINGPLUGIN"
security_result[0].severity = "INFORMATIONAL"
security_result[0].severity_details = "Info"
src.file.full_path = "/file/path/example.gz"
src.hostname = "Hostname1"
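An added example, not the parser's own code and not from Cisco or the SIEM vendor, that applies the field mapping above to the log sample in Python and reproduces the sample parsing. The regexes, the year parameter (BSD syslog timestamps carry no year) and the severity rows other than Info are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed copy of the log sample above; not a capture from a real appliance.
SAMPLE = ("<14>Sep 23 00:00:59 Hostname: Info: TRANSFER: Plugin TRACKINGPLUGIN "
          "downloading from Hostname1 - /file/path/example.gz")

# Header layout: <PRI>MMM DD HH:MM:SS observer: Severity: ACTION: message
HEADER_RE = re.compile(
    r"^<\d{1,3}>(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<observer>[^:\s]+): (?P<severity>\w+): (?P<action>\w+): (?P<msg>.*)$")
# Body of a TRANSFER event: plugin name, source host and source file path.
TRANSFER_RE = re.compile(
    r"^Plugin (?P<service>\S+) downloading from (?P<src_host>\S+) - (?P<src_path>\S+)$")
# "Info" -> INFORMATIONAL comes from the sample parsing above; the other two
# rows are assumed values that this page does not document.
SEVERITY_MAP = {"Info": "INFORMATIONAL", "Warning": "MEDIUM", "Critical": "HIGH"}

def normalize(line, year=None):
    """Map one Cisco SMA syslog line to the flat UDM field names used above.
    BSD syslog timestamps carry no year: pin one (the sample assumes 2022) or
    the current UTC year is used."""
    m = HEADER_RE.match(line.strip().strip("{}"))  # tolerate the braces in the sample
    if not m:
        # Unparseable line: still a GENERIC_EVENT, raw text kept as description.
        return {"metadata.event_type": "GENERIC_EVENT", "metadata.description": line}
    if year is None:
        year = datetime.now(timezone.utc).year
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # clock taken as UTC
    udm = {
        "metadata.event_timestamp": ts.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.product_event_type": m["action"],
        "metadata.product_name": "Cisco SMA",
        "metadata.vendor_name": "Cisco",
        "observer.hostname": m["observer"],
        "security_result[0].severity_details": m["severity"],
    }
    if m["severity"] in SEVERITY_MAP:
        udm["security_result[0].severity"] = SEVERITY_MAP[m["severity"]]
    body = TRANSFER_RE.match(m["msg"]) if m["action"] == "TRANSFER" else None
    if body:
        udm["principal.application"] = body["service"]
        udm["src.hostname"] = body["src_host"]
        udm["src.file.full_path"] = body["src_path"]
    else:
        udm["metadata.description"] = m["msg"]  # other actions keep the free text
    return udm
```

Running `normalize(SAMPLE, year=2022)` yields exactly the eleven fields listed under Sample Parsing; lines with any other action fall back to metadata.description, which is where a practitioner would look when checking the 90% normalization rate.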

Parser Alerting

This product currently does not have any parser-based alerting.

Rules

Coming Soon