***Updates July 15th, 2024***
The current Cisco Secure Firewall app is EOL and has been replaced by Cisco Security Cloud: https://splunkbase.splunk.com/app/7404
Cisco Security Cloud provides eStreamer SDK integration, which will provide fully qualified event support for IDS, Malware, Connection and IDS Packet. The app is a hybrid TA/App combination that will enable support for connection and management to API and Host endpoints while also providing rich analytics to complement SOC and monitoring use cases.
************************************
Cisco Secure Firewall App for Splunk presents critical security information from Threat Defense Manager (f.k.a. Firepower Management Center (FMC)), helping analysts focus on high-priority security events. The app provides a number of dashboards and tables geared towards making Firepower event analysis productive in the familiar Splunk environment. It is an alternative user interface for some, and a complementary interface for others. Cisco is committed to continuously improving this app based on your direct feedback.
Major Features Include
- Threat Summary Dashboard
- Advanced Impact Event analysis with directionality
- Network Event data dashboard with IoCs and Firewall Rule usage (Allow/Block)
- Context Explorer with Geo-location Map
- Link back from Malware hash to FMC for File Trajectory
- Link Back to FMC for Host Profile
- Filters for CIDR Blocks and Allow/Block Rule actions
TELL US WHAT WILL MAKE THIS APP BETTER FOR YOU! We want your feedback and any feature requests. Please email fp-4-splunk@cisco.com with any requests.
Categories
Security, Fraud & Compliance