icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Cisco EULA

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Cisco Secure Firewall (f.k.a. Firepower) App for Splunk
SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_141.tgz) a953168e50a3ec8d33c49004a31aac6b98e64dfbd6b126c5cc7daf359d9ec081 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_140.tgz) d22d28a51c6e8fe536a181889af01dbcb22888a76a762741764bf3f231b6418a SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_137.tgz) 2a3c3d48881c2c7eef2b1a86ad7a9a1b78b1c965ff05956c549a67d0d98ca957 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_135.tgz) 10de4fc0dc7271366469570db572c8b04f326acd509631c6906f361728e07bde SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_132.tgz) 9eb65a56dcf7a08a85f768bd8d3875ac389f7f0eb211a6cecb55ca65b9f5576a SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_131.tgz) bd8afb670ea7f1f522ec3b3bb1a965c801f1531a524025ff3d4b08b7216459e2 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_129.tgz) 4381d928557ea40209b894c7d1e12c4e5f2a1414b031420c0284ad45328926f8 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_127.tgz) 90dcb3b42187f71d2d47027b10a2956afda43b92650285c0a3d6c9b7c71c6972 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_113.tgz) dc1d0396687908364dd3ad6378dcc42028b937d5b245a9aef53bb52fff33a5d9 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_112.tgz) b06b9e0c4349560c9174669fd11f2c319c0dbbc995bcfd2bc8f1376de09b3d02 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_111.tgz) 2c85277536c5c73c3e3bd61dbfdbaf415d94a63698f3ab8822a9c6b29bcd61f4 SHA256 checksum (cisco-secure-firewall-fka-firepower-app-for-splunk_11.tgz) e9d56ef2dc1439b7a5d6f20303929758f06815e00cc647c2da0160cc8fa7def4
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Cisco Secure Firewall (f.k.a. Firepower) App for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Overview
Details
Cisco Secure Firewall App for Splunk presents critical security information from Threat Defense Manager (f.k.a. Firepower Management Center (FMC)) helping analysts focus on high priority security events. The app provides a number of dashboards and tables geared towards making Firepower event analysis productive in the familiar Spunk environment. It is an alternative user interface for some, and a complementary interface for others. Cisco is committed to continuously improving this app based on your direct feedback.

Major Features Include
- Threat Summary Dashboard
- Advanced Impact Event analysis with directionality
- Network Event data dashboard with IoCs and Firewall Rule usage (Allow/Block)
- Context Explorer with Geo-location Map
- Link back from Malware hash to FMC for File Trajectory
- Link Back to FMC for Host Profile
- Filters for CIDR Blocks and Allow/Block Rule actions

TELL US WHAT WILL MAKE THIS APP BETTER FOR YOU! We want your feedback and any feature requests. Please email fp-4-splunk@cisco.com with any requests.

A User Guide is published here https://cisco.com/go/firepower-for-splunk

TELL US WHAT WILL MAKE THIS APP BETTER FOR YOU! We want your feedback and any feature requests. Please email fp-4-splunk@cisco.com with any requests.

Release Notes

Version 1.4.1
Oct. 14, 2020

Modified app to conform to cloud certification requirements
Version 1.4.0
Oct. 7, 2020

Modified app to conform to cloud certification requirements
Removed setup.xml, users can directly modify the homenet.csv to determine inbound/outbound traffic
Version 1.3.7
Oct. 21, 2019

Firepower App for Splunk v 1.3.7

Release to Splunkbase 10/21/2019

v1.3.7 Updates -
*Cleaned up UI on Threats Summary page, and Context Explorer
*Modified queries to reflect encore changes, specifically querying filtered "Blocked" now uses the blocked field vs the action field.
*Modified Data In/Out metrics on Context Explorer
*Modified Umbrella Experience

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.3.5
Sept. 24, 2019

Firepower App for Splunk v 1.3.5

Release to Splunkbase 9/23/2019

v1.3.5 Updates -
*removed issues that prevented version 1.3.2 from being cloud certified


Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.3.2
July 5, 2019

Firepower App for Splunk v 1.3.2

Release to Splunkbase 7/5/2019

v1.3.2 Updates -
*Fixed duplicate dashboard metric on front page for security intel events
*Added more reports to the "Reports" tab

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.3.1
May 22, 2019

Firepower App for Splunk v 1.3.1

Release to Splunkbase 5/22/2019

v1.3.1 Updates -
*Updated content to conform to Splunk Cloud Certification standards

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.2.9
April 24, 2019

Firepower App for Splunk v 1.2.9

Release to Splunkbase 4/24/2019

v1.2.9 Updates -
*Removed default enabled=true for the pythons scripts that support Umbrella, as well as removed other unused python scripts

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.2.7
April 18, 2019

Firepower App for Splunk v 1.2.7

Release to Splunkbase 4/19/2019

v1.2.7 Updates -
*Umbrella Investigate is now here! Using the Event viewer you can now pull in Umbrella threat feeds. Requires Umbrella API Token
*Modifications made to adhere to Splunk Cloud certification requirements
*Settings has moved to traditional app/settings page

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.1.3
Feb. 27, 2019

Firepower App for Splunk v 1.1.3

Release to Splunkbase 2/27/2019

v1.1.3 Updates -
*Modified Event Viewer to Link back to the FMC for IPs (Network Mapping) and Malware Hashes (File Trajectory)
*Modified Event Viewer to adhere to Cisco branding schemes
*Fixed issue with Action/Blocked Filters not being used in search queries

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.1.2
Feb. 19, 2019

Firepower App for Splunk v 1.1.2

Release to Splunkbase 2/19/2019

v1.1.2 Updates -
*Modified queries to utilize configurable index located in Marco settings
*Added Event Viewer for Correlation Events

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Version 1.1.1
Feb. 16, 2019

Cisco Firepower App for Splunk

v1.1.1 updates*
*Fixed issue with cross link to FMC on Threats->Dashboard->Indications of Compromise dashboard, previously the FMC ip didn't not load into the right click menu option
Version 1.1
Feb. 15, 2019

Release notes

Firepower App for Splunk v1.1

*Updates for v1.1 include fully validated by Splunk App Inspect
*Modification to Intrusion Events Dashboard, displaying High Priority Events by Class Description
*Cross Links back to FMC for File Trajectory on Host IoC Dashboard

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

Presents critical Firepower event information
Threat Summary Dashboard
Intrusion Events with Enrichment for Threat Hunting
Network Summary Dashboard
Context Explorer
Table Views
Event Filters
Link Backs for File Trajectory, Host Profiles, Packet View
1,702
Installs
4,499
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
This version has not passed Splunk AppInspect.
Built by
Cisco Security
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate
Technologies: Cisco
Compatibility
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
This version is not yet available for Splunk Cloud.
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 8.1, 8.0 Platform: Platform Independent Splunk Versions: 8.1, 8.0, 7.3, 7.2 Platform: Platform Independent Splunk Versions: 7.3, 7.2 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.3, 7.2 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.3, 7.2 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 7.2 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 7.2 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 7.2 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 7.2 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 7.2 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 7.2 Platform: Platform Independent Splunk Versions: 7.2 Platform: Platform Independent CIM Versions: 4.x, 3.x
Licensing
Cisco EULA
Category & Contents
Categories: Security, Fraud & Compliance
App Type: App
Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Learn More

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Submit Your App Dev Resources
Follow Us:
© 2005-2021 Splunk Inc. All rights reserved.
Sitemap | Contact | Careers | Privacy | Terms of Use | Export Control | Report a Problem
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.