Welcome to the new Splunkbase! To return to the old Splunkbase, .
Collections
Apps
Submit an app
Warning

This app is archived.

Cisco Firepower pcap Add-on app icon

Cisco Firepower pcap Add-on

This add-on provides workflow actions for a Firepower IPS event to retrieve a pcap file or Snort rule from the Firepower Management Center (FMC). Assumes the "Cisco Firepower eStreamer eNcore Add-on for Splunk" has been installed with the event type "estreamer_ids_ips_event", and the event "host" field is the FMC. Copy "fp_pcap.cgi" and "fp_rule.cgi" from "$SPLUNK_HOME/etc/apps/TA-cisco-firepower-pcap-add-on/default/" to "/var/sf/htdocs/" on the FMC. Run command "sudo chown www:www fp_pcap.cgi fp_rule.cgi" and "sudo chmod 755 fp_pcap.cgi fp_rule.cgi".

Built by
splunk product badge
Latest Version 1.0.0
November 6, 2020
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
Rating

0

(0)

Log in to rate this app
Support
Cisco Firepower pcap Add-on support icon
Not Supported
This add-on provides workflow actions for a Firepower IPS event to retrieve a pcap file or Snort rule from the Firepower Management Center (FMC). Assumes the "Cisco Firepower eStreamer eNcore Add-on for Splunk" has been installed with the event type "estreamer_ids_ips_event", and the event "host" field is the FMC. Copy "fp_pcap.cgi" and "fp_rule.cgi" from "$SPLUNK_HOME/etc/apps/TA-cisco-firepower-pcap-add-on/default/" to "/var/sf/htdocs/" on the FMC. Run command "sudo chown www:www fp_pcap.cgi fp_rule.cgi" and "sudo chmod 755 fp_pcap.cgi fp_rule.cgi".

Categories

Created By

D C

Type

addon

Downloads

519

Licensing

Splunk Answers

Resources

Log in to report this app listing