By Jason Conger May 02, 2014
The Cisco Security Suite app continues to get updated for Splunk 6.x. The latest addition is support for Cisco Sourcefire. Information from your eStreamer server (e.g. Defense Center) is visualized including:
- Intrusion events
- Sensor information
- Policy information
- Hosts
- Flow summaries
- File / Malware events
- Correlation events
So now, the Cisco Security Suite supports:
- Cisco ASA and PIX firewall appliances, the FWSM firewall services module
- WSA web security appliance
- Cisco IronPort Email Security Appliance (ESA)
- Cisco Identity Services Engine (ISE)
- Cisco Sourcefire
Also, with each release, we incorporate more feedback about documentation. Documentation can be found within the Cisco Security Suite app itself and on the Documentation tab on http://apps.splunk.com/app/525/.
Be sure to check out Splunk Answers as well for community feedback http://answers.splunk.com/apps/22300/related_questions/
Finally, if you want to contribute, check out the Cisco Security Suite repository on GitHub https://github.com/splunk/splunk-app-cisco-security-suite
Stay tuned, there is more to come…