Cisco Umbrella Add-On for Splunk

DISCLAIMER: This add-on is no longer supported as there is now a first-party add-on developed by Cisco themselves: https://splunkbase.splunk.com/app/3324/ The purpose of this add-on is to provide CIM compliant field extractions for Cisco Umbrella OpenDNS logs AWS S3 bucket logs. This add-on requires the Splunk Add-on for Amazon Web Services as the means of data on-boarding. * Built for Splunk Enterprise 6.x.x or higher * CIM Compliance (CIM 4.0.0 or higher) * Ready for Enterprise Security * Requires Splunk Add-on for Amazon Web Services (unless using Cisco Managed S3) * https://splunkbase.splunk.com/app/1876/ * If using Cisco Managed S3, use their app here: https://splunkbase.splunk.com/app/5557/ * Supports Cisco Umbrella Log Management Version 1-5 * Supports Cisco Managed S3 buckets via awscli and a simple shell script (See Cisco Managed Buckets Instructions)