diff --git a/decoders/0065-cisco-ios_decoders.xml b/decoders/0065-cisco-ios_decoders.xml
index 214c56e6a..39040e8a1 100644
--- a/decoders/0065-cisco-ios_decoders.xml
+++ b/decoders/0065-cisco-ios_decoders.xml
@@ -83,11 +83,10 @@
cisco-ios
- firewall
^%SEC-6-IPACCESSLOGP:
- ^list \S+ (\w+) (\w+)
+ (%\w+-\d-\w+):\s+list \S+ (\w+) (\w+)
(\S+)\((\d+)\) -> (\S+)\((\d+)\),
- action, protocol, srcip, srcport, dstip, dstport
+ id ,action, protocol, srcip, srcport, dstip, dstport
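Review bot: The replacement regex drops the `^` anchor the old pattern had, and its first group accepts any `%FACILITY-N-MNEMONIC` token even though the prematch above already limits this decoder to `%SEC-6-IPACCESSLOGP:`. If the regex is evaluated from the start of the message (the offset attributes are not visible on this page), `^(%\w+-\d-\w+):\s+list \S+ (\w+) (\w+)` keeps the extracted `id` tied to the header position instead of the first matching substring. The order line has a stray space in `id ,action`; write it as `id, action, protocol, srcip, srcport, dstip, dstport` to match the existing style. Removing the `firewall` type means these events no longer reach the generic firewall rules (the test expectation moves away from 4100), so a short XML comment on the decoder saying that ACL log events are now handled by the cisco-ios rules would help anyone with custom rules that relied on the old type.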
diff --git a/rules/0075-cisco-ios_rules.xml b/rules/0075-cisco-ios_rules.xml
index 4ee96a928..30587c3f7 100644
--- a/rules/0075-cisco-ios_rules.xml
+++ b/rules/0075-cisco-ios_rules.xml
@@ -86,4 +86,19 @@
authentication_failed,pci_dss_10.2.5,pci_dss_10.2.4,gpg13_3.6,gdpr_IV_35.7.d,gdpr_IV_32.2,
+
+ 4716
+ ^%SEC-6-IPACCESSLOGP
+ Cisco ACL: denied access event.
+ firewall_drop,pci_dss_1.4,gpg13_4.12,gdpr_IV_35.7.d,
+
+
+
+ 4731
+ ^%SEC-6-IPACCESSLOGP
+ denied
+ Cisco ACL: multiple denied access from same source.
+ multiple_drops,pci_dss_1.4,pci_dss_10.6.1,gpg13_4.12,gdpr_IV_35.7.d,
+
+
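Review bot: The first added rule is described as a denied access event and tagged `firewall_drop`, but the only conditions visible for it in this hunk are what appears to be the parent reference 4716 and the id `^%SEC-6-IPACCESSLOGP`; a `denied` condition shows up only in the second rule. %SEC-6-IPACCESSLOGP is also logged for permitted packets when an ACL entry has logging enabled, so those events would be reported as drops and, if the second rule correlates on the first, would count towards the "multiple denied access" alert. Since the decoder now extracts `action`, adding `<action>denied</action>` to the first rule would keep both rules limited to real denies. Tag names and rule attributes are stripped on this page, so check this against the file itself. The cases in tools/rules-testing/tests/cisco_ios.ini use only `denied` samples; a `permitted` sample that is expected not to hit the denied rule would pin the behaviour.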
diff --git a/tools/rules-testing/tests/cisco_ios.ini b/tools/rules-testing/tests/cisco_ios.ini
index e4a7a1e04..be7f1bec7 100644
--- a/tools/rules-testing/tests/cisco_ios.ini
+++ b/tools/rules-testing/tests/cisco_ios.ini
@@ -14,8 +14,8 @@ log 1 pass = Sep 1 10:25:29 10.10.10.1 %SEC-6-IPACCESSLOGP: list 102 denied tcp
log 2 pass = Sep 1 10:25:29 10.10.10.1 %SEC-6-IPACCESSLOGP: list 199 denied tcp 10.0.61.108(1477) -> 10.0.127.20(445), 1 packet
-rule = 4100
-alert = 0
+rule = 4731
+alert = 5
decoder = cisco-ios