This app is archived. Learn more

Splunk Add-on for Cisco FireSIGHT

***This add-on is no longer supported. All customers are recommended to migrate to Cisco Firepower and utilize the Cisco Secure eStreamer Client (f.k.a Firepower eNcore) Add-On for Splunk. (https://splunkbase.splunk.com/app/3662/)*** The Splunk Add-on for Cisco FireSIGHT (formerly Splunk Add-on for Cisco Sourcefire) leverages data collected via Cisco eStreamer to allow a Splunk software administrator to analyze and correlate Cisco Next-Generation Intrusion Prevention System (NGIPS) and Cisco Next-Generation Firewall (NGFW) log data and Advanced Malware Protection (AMP) reports from Cisco FireSIGHT and Snort IDS through the Splunk Common Information Model. You can then use the mapped data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

Built by Splunk Works

Latest Version 3.3.2

April 22, 2016

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0

CIM Version: 4.x

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Learn more

***This add-on is no longer supported. All customers are recommended to migrate to Cisco Firepower and utilize the Cisco Secure eStreamer Client (f.k.a Firepower eNcore) Add-On for Splunk. (https://splunkbase.splunk.com/app/3662/)*** The Splunk Add-on for Cisco FireSIGHT (formerly Splunk Add-on for Cisco Sourcefire) leverages data collected via Cisco eStreamer to allow a Splunk software administrator to analyze and correlate Cisco Next-Generation Intrusion Prevention System (NGIPS) and Cisco Next-Generation Firewall (NGFW) log data and Advanced Malware Protection (AMP) reports from Cisco FireSIGHT and Snort IDS through the Splunk Common Information Model. You can then use the mapped data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.