Splunk® Supported Add-ons

Splunk Add-on for Cisco ISE

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for Cisco ISE

Version 4.2.0 of the Splunk Add-on for Cisco ISE was released on July 14, 2022.

About this release

Version 4.2.0 of the Splunk Add-on for Cisco ISE is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1, 8.2, 9.0
CIM 5.0.1
Platforms Platform independent
Vendor Products Cisco ISE version 2.0, 2.4, 2.7, 3.0 and 3.1


New features

Version 4.2.0 of the Splunk Add-on for Cisco ISE has the following new features.

  • Added support for Cisco ISE v3.1
  • Added support for CIM v5.0.1
  • Added support for new eventtypes and the datamodels, which are mentioned in the following table:
eventtype Data model mapped
cisco-ise-inventory Inventory:Network
cisco-ise-change-all Change:All_Changes
cisco-ise-guest-authentication-failed-attempts Authentication
  • Below mentioned table indicates the data model support added for respective MESSAGE_CODE
MESSAGE_CODE Data Model support added in this release
11036, 25012, 25016, 25018, 25020, 25045, 25046, 35000, 35001, 35046, 35048, 35050, 35051, 35055, 5417, 60164, 60191, 61075, 61236, 91002, 91006, 91007 Alerts
11213, 11507, 11521, 11522, 11806, 11808, 12300, 12301, 12302, 12310, 12313, 12500, 12552, 12561, 12800, 12801, 12802, 12804, 12805, 12806, 12807, 12810, 12811, 12812, 12813, 12816, 51001, 51002, 51021, 5205, 5231, 5236, 5405, 5413, 5418, 5436, 5440, 5441, 60080, 60204 Authentication
51003, 51101, 52000 Change.Account_Management
52001, 58003, 58004, 58016, 60094, 60106, 60153, 60208, 60216, 60237, 90051, 90200, 91003 Change.All_Changes
88010 Inventory.Network
  • Extractions for signature and signature_id have been fixed as previously signature was used in both fields. signature will be extracted from MESSAGE_TEXT signature_id will be extracted from MESSAGE_CODE
  • New CIM field extraction added for user_name
  • Previously, a comma (,) occurred sometimes in the value of the field. Corrected the implementation such that the comma (,) is excluded from the value of the field


Fixed issues

Version 4.2.0 of the Splunk Add-on for Cisco ISE contains the following fixed issues.

If no issues appear below, no issues have yet been reported:


Known issues

Version 4.2.0 of the Splunk Add-on for Cisco ISE contains the following known issues.

If no issues appear below, no issues have yet been reported:


Third-party software attributions

Version 4.2.0 of the Splunk Add-on for Cisco ISE does not incorporate any third-party software or libraries.

Last modified on 21 July, 2022
PREVIOUS
Troubleshoot the Splunk Add-on for Cisco ISE 		  NEXT
Release history for the Splunk Add-on for Cisco ISE

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters