Release notes for the Splunk Add-on for Cisco ISE
Version 4.2.0 of the Splunk Add-on for Cisco ISE was released on July 14, 2022.
About this release
Version 4.2.0 of the Splunk Add-on for Cisco ISE is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 8.1, 8.2, 9.0 |
CIM | 5.0.1 |
Platforms | Platform independent |
Vendor Products | Cisco ISE version 2.0, 2.4, 2.7, 3.0 and 3.1 |
New features
Version 4.2.0 of the Splunk Add-on for Cisco ISE has the following new features.
- Added support for Cisco ISE v3.1
- Added support for CIM v5.0.1
- Added support for new eventtypes and the datamodels, which are mentioned in the following table:
eventtype | Data model mapped |
---|---|
cisco-ise-inventory
|
Inventory:Network |
cisco-ise-change-all
|
Change:All_Changes |
cisco-ise-guest-authentication-failed-attempts
|
Authentication |
- Below mentioned table indicates the data model support added for respective MESSAGE_CODE
MESSAGE_CODE | Data Model support added in this release |
---|---|
11036, 25012, 25016, 25018, 25020, 25045, 25046, 35000, 35001, 35046, 35048, 35050, 35051, 35055, 5417, 60164, 60191, 61075, 61236, 91002, 91006, 91007 | Alerts |
11213, 11507, 11521, 11522, 11806, 11808, 12300, 12301, 12302, 12310, 12313, 12500, 12552, 12561, 12800, 12801, 12802, 12804, 12805, 12806, 12807, 12810, 12811, 12812, 12813, 12816, 51001, 51002, 51021, 5205, 5231, 5236, 5405, 5413, 5418, 5436, 5440, 5441, 60080, 60204 | Authentication |
51003, 51101, 52000 | Change.Account_Management |
52001, 58003, 58004, 58016, 60094, 60106, 60153, 60208, 60216, 60237, 90051, 90200, 91003 | Change.All_Changes |
88010 | Inventory.Network |
- Extractions for
signature
andsignature_id
have been fixed as previously signature was used in both fields.signature
will be extracted fromMESSAGE_TEXT
signature_id
will be extracted fromMESSAGE_CODE
- New CIM field extraction added for
user_name
- Previously, a comma (,) occurred sometimes in the value of the field. Corrected the implementation such that the comma (,) is excluded from the value of the field
Fixed issues
Version 4.2.0 of the Splunk Add-on for Cisco ISE contains the following fixed issues.
If no issues appear below, no issues have yet been reported:
Known issues
Version 4.2.0 of the Splunk Add-on for Cisco ISE contains the following known issues.
If no issues appear below, no issues have yet been reported:
Third-party software attributions
Version 4.2.0 of the Splunk Add-on for Cisco ISE does not incorporate any third-party software or libraries.
Troubleshoot the Splunk Add-on for Cisco ISE | Release history for the Splunk Add-on for Cisco ISE |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!