Cisco Secure eStreamer Client (f.k.a. eNcore) Technical Add-on for Splunk is an eStreamer client with a Splunk plugin that provides comprehensive event forwarding from all 6.x versions of Threat Defense Manager (f.k.a. Firepower Management Center) to Splunk Enterprise and Splunk Enterprise Security. 

The following event types are supported with complete schema coverage through the eStreamer API specification for Threat Defense Manager version 6.2+.    

•	Discovery Events
•	Correlation and White List Events
•	Impact Flag Alerts
•	Intrusion Events
•	Intrusion Event Packet Data
•	User Activity
•	Intrusion Event Extra Data
•	Malware Events
•	File Events
•	Connection Events

This app was developed for and tested on Linux platforms only. Windows support is not currently available.  Please check with Cisco for any change in status.