Splunk® Supported Add-ons

Splunk Add-on for Cisco ESA

Release history for the Splunk Add-on for Cisco ESA

Latest version

The latest version of the Splunk Add-on for Cisco ESA is version 1.4.0. See Release notes for the Splunk Add-on for Cisco ESA for the release notes of this latest version.

Version 1.3.0

Version 1.3.0 of the Splunk Add-on for Cisco ESA was released on July 26, 2018.

About this release

Version 1.3.0 of the Splunk Add-on for Cisco ESA is compatible with the following platforms, CIM versions, and products:

Splunk platform versions: 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM: 4.3 and later
Platforms: Platform independent
Vendor products: Cisco IronPort ESA C370 on AsyncOS 7.x, 8.x, 9.x, 10.x, 11.x

New Features

Version 1.3.0 of the Splunk Add-on for Cisco ESA has the following new features:

  • Support for graymail logs
  • Support for country logs
  • Support for amp logs
  • Improved extraction of src_ip, dest_ip, src_host, and dest_port fields

Fixed issues

Version 1.3.0 of the Splunk Add-on for Cisco ESA fixes the following issues:

Date resolved Issue number Description
2018-06-04 ADDON-18065 Provide IPv6 support for all source types
2018-05-28 ADDON-18062 Extraction issue: vendor_action "TLS failed" is not extracted
2018-05-27 ADDON-18061 Extraction issues when vendor_action equals "Connection Error"
2018-05-17 ADDON-13220 An action value is missing from search-time field extraction
2018-05-16 ADDON-8717 Regex for identifying src_ip is incorrect; only the last three octets are captured (reported against version 1.2.1)
2018-05-10 ADDON-13181 Incorrect field mapping in the cisco_esa_email_action_lookup.csv lookup file
2018-05-09 ADDON-12779 AV regex does not capture negative results
2018-05-09 ADDON-16588 Fix the tls_for_cisco_esa transform
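Several of the fixes above (ADDON-8717, ADDON-18065, and the improved src_ip/dest_ip extraction) concern the same failure mode: the source address captured from the mail log is incomplete or absent, and a truncated src_ip does not error in Splunk, it simply never matches a reputation lookup or an Enterprise Security correlation search. The following Python is an added example and not code from the add-on: it runs a regex that reproduces the last-three-octets symptom and an IPv4/IPv6-aware replacement over constructed ESA-style log lines, then validates every captured value with the standard ipaddress module so that a truncated or missing address is flagged. The log lines, regexes and function names are constructed for illustration and are not the add-on's own transforms.

```python
import ipaddress
import re
from typing import List, Optional, Tuple

# Constructed sample lines in the style of Cisco ESA text mail logs (not real captures).
SAMPLE_LINES = [
    "Mon Jun  4 10:15:02 2018 Info: New SMTP ICID 1001 interface Data1 (10.1.1.5) "
    "address 198.51.100.23 reverse dns host mx1.example.net verified yes",
    "Mon Jun  4 10:15:07 2018 Info: New SMTP ICID 1002 interface Data1 (10.1.1.5) "
    "address 2001:db8::1a reverse dns host mx2.example.net verified no",
    "Mon Jun  4 10:15:09 2018 Info: ICID 1001 close",
]

# Illustrative regex that reproduces the ADDON-8717 symptom: the first octet is consumed
# outside the capture group, so only the last three octets are returned. IPv6 never matches.
TRUNCATING_SRC_IP = re.compile(r"\baddress \d{1,3}\.(?P<src_ip>\d{1,3}(?:\.\d{1,3}){2})")

# Replacement: captures the whole IPv4 dotted quad or an IPv6 literal (including the
# compressed "::" form). The IPv6 branch is deliberately loose; validity is checked below.
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"
IPV6 = r"[0-9A-Fa-f:]*:[0-9A-Fa-f:.]*"
SRC_IP = re.compile(r"\baddress (?P<src_ip>%s|%s)(?=\s|$)" % (IPV4, IPV6))


def extract_src_ip(line: str, pattern: re.Pattern = SRC_IP) -> Optional[str]:
    """Return the src_ip captured from one log line, or None if the pattern does not match."""
    m = pattern.search(line)
    return m.group("src_ip") if m else None


def classify(value: Optional[str]) -> str:
    """'ipv4', 'ipv6', 'missing' (no capture) or 'invalid' (captured text is not an address)."""
    if value is None:
        return "missing"
    try:
        return "ipv6" if ipaddress.ip_address(value).version == 6 else "ipv4"
    except ValueError:
        return "invalid"


def audit(lines: List[str], pattern: re.Pattern = SRC_IP) -> List[Tuple[Optional[str], str]]:
    """Run the extraction over every line and pair each capture with its validity verdict."""
    return [(ip, classify(ip)) for ip in (extract_src_ip(line, pattern) for line in lines)]


if __name__ == "__main__":
    for name, pat in (("truncating regex", TRUNCATING_SRC_IP), ("fixed regex", SRC_IP)):
        print(name)
        for ip, verdict in audit(SAMPLE_LINES, pat):
            print(f"  {verdict:8s} {ip!r}")
```

The same classify() check can be pointed at the src_ip values Splunk actually produces (for example, exported from a search over the cisco:esa:textmail source type) to confirm an upgrade of the add-on really closed the gap rather than trusting the release note.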

Known issues

Version 1.3.0 of the Splunk Add-on for Cisco ESA has no reported known issues.

Third-party software attributions

Version 1.3.0 of the Splunk Add-on for Cisco ESA does not incorporate any third-party software or libraries.

Version 1.2.2

Version 1.2.2 of the Splunk Add-on for Cisco ESA is compatible with the following platforms, CIM versions, and products:

Splunk platform versions: 6.3 and above
CIM: 4.3 and above
Platforms: Platform independent
Vendor products: Cisco IronPort ESA C370 on AsyncOS 7.x

Fixed issues

Version 1.2.2 of the Splunk Add-on for Cisco ESA fixes the following issues:

Resolved date Defect number Description
2016/04/18 ADDON-8725 CIM mapping is missing for the action field in the cisco:esa:http source type.
2016/04/12 ADDON-8207 Some fields in the cisco:esa:legacy source type are not extracted.
2016/04/05 ADDON-8570 Regex sometimes fails to extract IP addresses correctly.
2016/03/15 ADDON-7955 Performance issues in Splunk Enterprise Security related to tag expansions.
2016/02/19 ADDON-7765 src_ip is not captured correctly in the src_dest_fields_for_cisco_esa field extraction.
2016/02/19 ADDON-7743 Incorrect CIM mapping for src_user.

Known issues

Version 1.2.2 of the Splunk Add-on for Cisco ESA has no reported known issues.

Third-party software attributions

Version 1.2.2 of the Splunk Add-on for Cisco ESA does not incorporate any third-party software or libraries.

Version 1.2.1

Version 1.2.1 of the Splunk Add-on for Cisco ESA has the same compatibility specifications as version 1.2.2.

Fixed issues

Version 1.2.1 of the Splunk Add-on for Cisco ESA fixes the following issues:

Resolved date Defect number Description
2016/01/22 ADDON-6405 Invalid key-value parser warnings due to mismatches between props.conf and transforms.conf.
2016/01/11 ADDON-7389 Warning message in log concerning timestamp for cisco:esa:http.

Known issues

Version 1.2.1 of the Splunk Add-on for Cisco ESA has the following known issues:

Publication date Defect number Description
2016/02/11 ADDON-7765 src_ip not captured correctly in src_dest_fields_for_cisco_esa field extraction.

Third-party software attributions

Version 1.2.1 of the Splunk Add-on for Cisco ESA does not incorporate any third-party software or libraries.


Version 1.2.0

Version 1.2.0 of the Splunk Add-on for Cisco ESA has the same compatibility specifications as version 1.2.1.

New features

Version 1.2.0 of the Splunk Add-on for Cisco ESA has the following new feature:

Date Issue number Description
2014/11/13 ADDON-2313 Cisco ESA source types are now backwards compatible with legacy source types, cisco:esa and cisco_esa. See source types for details.

Fixed issues

Version 1.2.0 of the Splunk Add-on for Cisco ESA fixes the following issue:

Resolved date Defect number Description
2014/11/17 ADDON-2305 Syntax error in the 7th field of the FORMAT line of the "connection_drop_for_cisco_esa" transform: reverse_dns=$7 was written instead of reverse_dns::$7.
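ADDON-6405 in version 1.2.1 (props.conf and transforms.conf out of step) and ADDON-2305 above (a FORMAT token written as reverse_dns=$7 instead of reverse_dns::$7) are the same class of defect: a search-time extraction that is mis-wired does not fail loudly, the field just never appears, and any detection keyed on it goes quiet. The following Python is an added example and not part of the add-on: it parses a props.conf and a transforms.conf fragment and reports REPORT-/TRANSFORMS- references to transforms that do not exist, FORMAT tokens that are not in field::$n form, and $n references beyond the number of capture groups in the stanza's REGEX. The conf contents are constructed for illustration; only the stanza and transform names are taken from this page, and the regexes are simplified stand-ins, not the add-on's.

```python
import configparser
import re
from typing import List

# Constructed props.conf fragment. Stanza and transform names follow the page; contents are
# illustrative and include one reference to a transform that does not exist.
PROPS_CONF = r"""
[cisco:esa:textmail]
REPORT-src_dest = src_dest_fields_for_cisco_esa
REPORT-drop = connection_drop_for_cisco_esa
REPORT-tls = tls_for_cisco_esa, tls_status_for_cisco_esa
"""

# Constructed transforms.conf fragment. The regexes are simplified stand-ins, not the add-on's.
# connection_drop_for_cisco_esa carries two deliberate defects: a field=$n token and a $7
# reference while REGEX has only three capture groups.
TRANSFORMS_CONF = r"""
[src_dest_fields_for_cisco_esa]
REGEX = address (\S+) reverse dns host (\S+)
FORMAT = src_ip::$1 src_host::$2

[connection_drop_for_cisco_esa]
REGEX = ICID (\d+) .* address (\S+) .* reverse dns host (\S+)
FORMAT = icid::$1 src_ip::$2 reverse_dns=$3 src_port::$7

[tls_for_cisco_esa]
REGEX = ICID (\d+) TLS (succeeded|failed)
FORMAT = icid::$1 vendor_action::$2
"""

REFERENCE_PREFIXES = ("REPORT-", "TRANSFORMS-")
GROUP_REF = re.compile(r"\$(\d+)")


def load_conf(text: str) -> configparser.ConfigParser:
    """Parse a Splunk .conf fragment: '=' is the only delimiter so ':' in values survives,
    interpolation is off so '$' and '%' are literal, and key case is preserved."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep REPORT-foo exactly as written
    cp.read_string(text)
    return cp


def check_configs(props_text: str, transforms_text: str) -> List[str]:
    """Return human-readable findings; an empty list means the two files are consistent."""
    props = load_conf(props_text)
    transforms = load_conf(transforms_text)
    findings: List[str] = []

    # 1. Every transform named by a REPORT-/TRANSFORMS- setting must exist in transforms.conf.
    for stanza in props.sections():
        for key, value in props.items(stanza):
            if not key.startswith(REFERENCE_PREFIXES):
                continue
            for name in (n.strip() for n in value.split(",")):
                if name and not transforms.has_section(name):
                    findings.append(f"[{stanza}] {key} references missing transform '{name}'")

    # 2. Every FORMAT token must be field::$n (or $n::$m), and every $n must exist in REGEX.
    for stanza in transforms.sections():
        if not (transforms.has_option(stanza, "REGEX") and transforms.has_option(stanza, "FORMAT")):
            continue
        try:
            groups = re.compile(transforms.get(stanza, "REGEX")).groups
        except re.error as exc:
            findings.append(f"[{stanza}] REGEX does not compile: {exc}")
            continue
        for token in transforms.get(stanza, "FORMAT").split():
            if "::" not in token:
                findings.append(f"[{stanza}] FORMAT token '{token}' is not in field::$n form")
            for n in (int(g) for g in GROUP_REF.findall(token)):
                if n > groups:
                    findings.append(
                        f"[{stanza}] FORMAT token '{token}' references group ${n} but REGEX has {groups}"
                    )
    return findings


if __name__ == "__main__":
    for finding in check_configs(PROPS_CONF, TRANSFORMS_CONF) or ["no findings"]:
        print(finding)
```

Note that configparser is stricter than Splunk's own parser (for example it rejects duplicate keys within a stanza), so treat a parse error from this check as a finding in its own right rather than relaxing the parser.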

Known issues

Version 1.2.0 of the Splunk Add-on for Cisco ESA has no reported known issues.

Third-party software attributions

Version 1.2.0 of the Splunk Add-on for Cisco ESA does not incorporate any third-party software or libraries.

Version 1.1.0

Version 1.1.0 of the Splunk Add-on for Cisco ESA has the same compatibility specifications as version 1.2.0.

Fixed issues

Version 1.1.0 of the Splunk Add-on for Cisco ESA fixes the following issues:

Resolved date Defect number Description
2014/10/30 ADDON-2181 Events should not be source typed cisco:sea:syslog
2014/10/28 ADDON-2134 Need to extract more fields for Authentication logs
2014/10/28 ADDON-2133 Need to extract more fields for HTTP logs
2014/10/28 ADDON-2132 Need to extract more fields for System logs
2014/10/28 ADDON-2148 Extract fields from Spam Quarantine Logs
2014/10/28 ADDON-2149 Extract fields from Spam Quarantine GUI Logs
2014/10/28 ADDON-2151 Extract fields from Safe/Block Lists Logs
2014/10/28 ADDON-2131 Extract more fields for Text Mail logs
2014/10/21 ADDON-2189 TA folder name is wrong

Known issues

Version 1.1.0 of the Splunk Add-on for Cisco ESA has the following known issue:

Publication date Defect number Description
2014/11/13 ADDON-2313 New Cisco ESA source types are not backwards compatible. Version 1.0.0 used only one source type, cisco:esa. Prior versions used cisco_esa. There are currently no rename functions included with the add-on to support the mapping of old data.

Third-party software attributions

Version 1.1.0 of the Splunk Add-on for Cisco ESA does not incorporate any third-party software or libraries.

Last modified on 01 September, 2020