Source types for the Splunk Add-on for Cisco FireSIGHT
The Splunk Add-on for Cisco FireSIGHT provides the index-time and search-time knowledge for IDS, malware, and network traffic data from Cisco FireSIGHT, Sourcefire, and Snort IDS.
Data source | Format | Description | Source type | CIM compliance
---|---|---|---|---
Cisco FireSIGHT Management Center version 5.X | eStreamer | To gather data from Cisco FireSIGHT Management Center version 5 servers in eStreamer format, use the eStreamer for Splunk App. | cisco:sourcefire | Intrusion Detection, Network Traffic, Malware
Sourcefire Defense Center version 4.X | eStreamer | To gather data from Sourcefire Defense Center version 4 in eStreamer format, use the eStreamer for Splunk App. | eStreamer | Intrusion Detection, Network Traffic
Sourcefire appliance version 4.X | Syslog | Apply this source type to data that you collect from a Sourcefire device via syslog. | cisco:sourcefire:appliance:syslog | Malware
Sourcefire Defense Center version 4.X | Syslog | Apply this source type to data that you collect from Sourcefire Defense Center via syslog. | cisco:sourcefire:defencecenter:syslog | Malware
Snort IDS version 2.X | Syslog | Apply this source type to data collected from open-source Snort IDS via syslog. | snort | Intrusion Detection, Network Traffic
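The syslog rows above say which source type to apply but not where; the following `inputs.conf` fragment is an added example (not from the add-on's own documentation) showing how a forwarder assigns those source types. The listening ports, the monitored file path and the `idx_firesight` index name are assumptions; the source type values themselves are copied from the table and must match it exactly, since the add-on's field extractions and CIM tagging are keyed on the source type string.

```ini
# inputs.conf on the universal or heavy forwarder that receives the syslog feeds.
# Each stanza pins the source type from the table so the add-on's search-time
# knowledge (extractions, tags, CIM data models) applies to the events.

# Sourcefire appliance sending syslog directly to a dedicated UDP port (assumed port).
[udp://5514]
sourcetype = cisco:sourcefire:appliance:syslog
index = idx_firesight
connection_host = ip

# Sourcefire Defense Center 4.X syslog on its own port so the two source types never mix.
[udp://5515]
sourcetype = cisco:sourcefire:defencecenter:syslog
index = idx_firesight
connection_host = ip

# Snort 2.X alerts written to disk by a local syslog daemon (assumed file path).
[monitor:///var/log/snort/alert*.log]
sourcetype = snort
index = idx_firesight
disabled = false
```

Keeping one source type per port or file is the practical check here: a mixed feed tagged with the wrong source type silently loses the Intrusion Detection, Network Traffic or Malware CIM mapping listed in the table.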
This documentation applies to the following versions of Splunk® Supported Add-ons: released