[cisco_meraki] Update event.type and event.category of anyconnect_vpn_connect (elastic#14736)

brijesh-elastic · web-flow · commit ee62fa766df2 · 2025-08-04T12:59:40.000+09:30
diff --git a/packages/cisco_meraki/changelog.yml b/packages/cisco_meraki/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.30.0"
+  changes:
+    - description: Update `event.type` and `event.category` of `anyconnect_vpn_connect`.
+      type: enhancement
+      link: https://github.com/elastic/integrations/pull/14736
 - version: "1.29.2"
   changes:
     - description: Map translated source and destination IP and port to correct ECS fields.
diff --git a/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json b/packages/cisco_meraki/data_stream/log/_dev/test/pipeline/test-events.log-expected.json
@@ -1674,11 +1674,15 @@
             "event": {
                 "action": "anyconnect_vpn_connect",
                 "category": [
-                    "network"
+                    "network",
+                    "session"
                 ],
                 "original": "<134>1 1639132851.416656563 TCP9001 events anyconnect_vpn_connect user id 'user.name2' local ip 172.25.22.244 reconnected from 67.43.156.14",
                 "type": [
-                    "info"
+                    "info",
+                    "access",
+                    "allowed",
+                    "start"
                 ]
             },
             "message": "user id 'user.name2' local ip 172.25.22.244 reconnected from 67.43.156.14",
@@ -1722,11 +1726,15 @@
             "event": {
                 "action": "anyconnect_vpn_connect",
                 "category": [
-                    "network"
+                    "network",
+                    "session"
                 ],
                 "original": "<134>1 1639132851.416656563 TCP9001 events anyconnect_vpn_connect user id 'user.name3' local ip 175.16.199.1 connected from 1.128.0.1",
                 "type": [
-                    "info"
+                    "info",
+                    "access",
+                    "allowed",
+                    "start"
                 ]
             },
             "message": "user id 'user.name3' local ip 175.16.199.1 connected from 1.128.0.1",
diff --git a/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml b/packages/cisco_meraki/data_stream/log/elasticsearch/ingest_pipeline/default.yml
@@ -85,6 +85,14 @@ processors:
             type:
               - access
             action: site-to-site-vpn
+          "anyconnect_vpn_connect":
+            category:
+              - session
+            type:
+              - access
+              - allowed
+              - start
+            action: anyconnect_vpn_connect
           "client_vpn_connect":
             category:
               - session
diff --git a/packages/cisco_meraki/manifest.yml b/packages/cisco_meraki/manifest.yml
@@ -1,7 +1,7 @@
 format_version: "3.0.2"
 name: cisco_meraki
 title: Cisco Meraki
-version: "1.29.2"
+version: "1.30.0"
 description: Collect logs from Cisco Meraki with Elastic Agent.
 type: integration
 categories:
