*** Updates July 15th, 2024 ***
The current Cisco Secure Firewall app is EOL and has been replaced by the Cisco Security Cloud app: https://splunkbase.splunk.com/app/7404
The Cisco Security Cloud app (https://splunkbase.splunk.com/app/7404) provides eStreamer SDK integration, with fully qualified event support for IDS, Malware, Connection and IDS Packet data.
************************************
Cisco Secure eStreamer Client (f.k.a. eNcore) Technical Add-on for Splunk is an eStreamer client bundled with a Splunk plugin. It provides comprehensive event forwarding from all 6.x versions of Threat Defense Manager (f.k.a. Firepower Management Center) to Splunk Enterprise and Splunk Enterprise Security.
The following event types are supported with complete schema coverage through the eStreamer API specification for Threat Defense Manager version 6.2+.
• Discovery Events
• Correlation and White List Events
• Impact Flag Alerts
• Intrusion Events
• Intrusion Event Packet Data
• User Activity
• Intrusion Event Extra Data
• Malware Events
• File Events
• Connection Events
This app was developed for and tested on Linux platforms only. Windows support is not currently available. Please check with Cisco for any change in status.
Categories
Network Security, Security, Fraud & Compliance