Splunk® Supported Add-ons

Splunk Add-on for Cisco ESA

Release notes for the Splunk Add-on for Cisco ESA

Version 1.4.0 of the Splunk Add-on for Cisco ESA was released on August 24, 2020.

About this release

Version 1.4.0 of the Splunk Add-on for Cisco ESA is compatible with the following platforms, CIM versions, and products:

Splunk platform versions: 7.2.x, 7.3.x, 8.0.x
CIM: 4.16
Platforms: Platform independent
Vendor Products: Cisco ESA AsyncOS v10, v10.0.1, v11, v11.1, v11.5, v12, v12.1, v12.5, v13, v13.5 and v13.5.1

New Features

Version 1.4.0 of the Splunk Add-on for Cisco ESA has the following new features:

  • Support for Single Log Line Format.
  • Support for Cisco ESA versions 13.5 and 13.5.1.
  • New event types:
    • cisco_esa_cef
    • cisco_esa_mar
    • cisco_esa_delivery
  • New source types:
    • cisco:esa:cef
    • cisco:esa:delivery
    • cisco:esa:bounce
  • New Email data model mappings for the following event types:
    • cisco_esa_delivery
    • cisco_esa_cef
  • The value for CIM field "app" is now "Cisco Email Security Appliance"
  • Deprecated support for AsyncOS 7.x, 8.x, 9.x
  • The Malware data model mapping is now removed for the cisco_esa_amp event type.
  • The Web data model mapping is now removed for the cisco_esa_proxy event type.
  • The Email data model mapping is now removed for the cisco_esa_email event type.

Fixed issues

Version 1.4.0 of the Splunk Add-on for Cisco ESA fixes the following issues. If no issues appear below, no issues have yet been reported.


Known issues

Version 1.4.0 of the Splunk Add-on for Cisco ESA contains the following known issues.

If no issues appear below, no issues have yet been reported.


Third-party software attributions

Version 1.4.0 of the Splunk Add-on for Cisco ESA does not incorporate any third-party software or libraries.

Last modified on 01 September, 2020

This documentation applies to the following versions of Splunk® Supported Add-ons: released

