
Cisco Secure eStreamer Client Add-On for Splunk

Updates July 15th, 2024: The current Cisco Secure Firewall app is EOL, and has been replaced by the Cisco Security Cloud (https://splunkbase.splunk.com/app/7404). The Cisco Security Cloud provides eStreamer SDK integration which will provide fully qualified event support for IDS, Malware, Connection and IDS Packet data.

Cisco Secure eStreamer Client (f.k.a. eNcore) Technical Add-on for Splunk is an eStreamer client with a Splunk plugin that provides comprehensive event forwarding from all 6.x versions of Threat Defense Manager (f.k.a. Firepower Management Center) to Splunk Enterprise and Splunk Enterprise Security.

The following event types are supported with complete schema coverage through the eStreamer API specification for Threat Defense Manager version 6.2+.

• Discovery Events
• Correlation and White List Events
• Impact Flag Alerts
• Intrusion Events
• Intrusion Event Packet Data
• User Activity
• Intrusion Event Extra Data
• Malware Events
• File Events
• Connection Events

This app was developed for and tested on Linux platforms only. Windows support is not currently available. Please check with Cisco for any change in status.


Latest Version 5.2.9
October 10, 2023
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0
Support
Developer Supported addon
Ranking
#2 in Network Security
#38 in Security, Fraud & Compliance

Categories

Created By

Cisco Security

Type

addon

Downloads

44,768
