Cisco Endpoint Security Analytics (CESA) Add-On for Splunk

Splunk Cloud
Use of this Add-On and the related App, and Cisco TAC support for them, require the purchase of a Cisco Endpoint Security Analytics (CESA) endpoint license beginning with v2.1.4. Please see the Cisco Supplemental End User License (SEULA) below for details. Under the SEULA, free use is permitted for: a) one 90-day trial/proof of value installation; b) ongoing use for installations with 50 or fewer Cisco AnyConnect clients.

The Cisco Endpoint Security Analytics (CESA) Add-On for Splunk allows IT administrators to analyze and correlate user and endpoint behavior in Splunk Enterprise. This Add-on provides configuration and collection of data from the Cisco AnyConnect Network Visibility Module IPFIX (nvzFlow) Collector. This module collects additional context such as user, device, application, location and destination for flows both on and off premise.

See the Cisco Endpoint Security Analytics (CESA) for Splunk app for more information: https://splunkbase.splunk.com/app/2992/#/details

The Add-on maps the data types from the NVM Collector into the appropriate Splunk data types.


Refer to the Add-On section of the Cisco AnyConnect Network Visibility Module (NVM) App for Splunk details page for more information.

Release Notes

Version 4.0.5
Jan. 25, 2022

*Updated collector to version 4.10.04067

Version 4.0.2
Oct. 11, 2021

*Enumerating TA to coincide with dashboard app version

Version 4.0.1
Aug. 23, 2021

Updated core version of the NVM collector

Version 4.0.0
July 21, 2021

*Updates to coincide with dashboard changes and sync revisions

Version 3.1.8
Feb. 22, 2021

*Added NVM Collector which includes 270, 271 templates preloaded in the image

Version 3.0.9
Aug. 27, 2020

Splunk 8.0 release

*Removed inputs.conf due to security requirements for Cloud validation. UDP inputs will have to be configured via Splunk Web; please refer to the guide posted on http://cs.co/cesa-pov for more information.

Version 3.0.4
June 26, 2020

Adds support for exciting new features in AnyConnect 4.9 or later, including process-path and process-arguments attributes.
See the latest specification on https://developer.cisco.com/site/network-visibility-module/ for more details.
This update includes a new NVM Collector that you must install to obtain new AnyConnect 4.9 capabilities.

The CESA / NVM solution has been updated to support new Remote Worker use cases such as monitoring Split Tunneling in addition to on-premise monitoring use cases such as Split Networking (office workers using insecure wifi and secure wifi at the same time).

Version 2.1.8
May 27, 2020

*Updated to keep current with dashboard revision
