Splunk® Supported Add-ons

Splunk Add-on for Cisco WSA


Release history for the Splunk Add-on for Cisco WSA

Latest release

The latest version of the Splunk Add-on for Cisco WSA is version 3.3.0. Please see Release notes for the Splunk Add-on for Cisco WSA for the release notes of this latest version.

Version 3.2.4

Version 3.2.4 of the Splunk Add-on for Cisco WSA has the same compatibility specifications as version 3.3.0.


Fixed issues

Version 3.2.4 of the Splunk Add-on for Cisco WSA has the following fixed issues.

Resolved Date Issue number Description
2015-12-03 ADDON-6749 Eventtypes cisco_wsa_squid, cisco_wsa_l4tm, cisco_wsa_block are required for Cisco Security Suite app. These have been added to eventtypes.conf.
2016-01-26 ADDON-7516 Warning message in splunkd.log: "Failed to parse timestamp" caused by bad header info.

Known issues

Version 3.2.4 of the Splunk Add-on for Cisco WSA has the following known issue.

Date Issue number Description
2014-11-24 ADDON-2350 Cisco Security Suite 3.0.3 compatibility issues. Cisco Security Suite is community supported, so the add-on is compatible on a best-effort basis. File bugs for specific issues.

Third-party software attributions

Version 3.2.4 of the Splunk Add-on for Cisco WSA does not incorporate any third-party software or libraries.

Version 3.2.3

Version 3.2.3 of the Splunk Add-on for Cisco WSA has the same compatibility specifications as version 3.2.4.

New features

Version 3.2.3 of the Splunk Add-on for Cisco WSA has the following new features.

Date Issue number Description
2015-11-06 ADDON-6278 Support for Cisco WSA version 8.5.3 and 9.0.

Fixed issues

Version 3.2.3 of the Splunk Add-on for Cisco WSA has the following fixed issues.

Resolved Date Defect number Description
2015-11-06 ADDON-6315 Missing value for vendor_action in lookup.

Known issues

Version 3.2.3 of the Splunk Add-on for Cisco WSA has the following known issue.

Date Defect number Description
2014-11-24 ADDON-2350 Cisco Security Suite 3.0.3 compatibility issues. Cisco Security Suite is community supported, so the add-on is compatible on a best-effort basis. File bugs for specific issues.

Third-party software attributions

Version 3.2.3 of the Splunk Add-on for Cisco WSA does not incorporate any third-party software or libraries.

Version 3.2.2

Version 3.2.2 of the Splunk Add-on for Cisco WSA is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 6.2 or later
CIM: 4.2 or later
Platforms: Platform independent
Vendor Products: Cisco IronPort AsyncOS 7.1, 7.5, 7.7, 8.0, 8.0.6, 8.1.0, 8.5.0, and 8.5.2.

New features

Version 3.2.2 of the Splunk Add-on for Cisco WSA has the following new features.

Resolved date Issue number Description
2015-09-24 ADDON-5055 Support for Cisco WSA version 8.5.

Fixed issues

Version 3.2.2 of the Splunk Add-on for Cisco WSA has no fixed issues.

Known issues

Version 3.2.2 of the Splunk Add-on for Cisco WSA has the following known issue.

Date Defect number Description
2014-11-24 ADDON-2350 Cisco Security Suite 3.0.3 compatibility issues. Cisco Security Suite is community supported, so the add-on is compatible on a best-effort basis. File bugs for specific issues.

Third-party software attributions

Version 3.2.2 of the Splunk Add-on for Cisco WSA does not incorporate any third-party software or libraries.

Version 3.2.1

Version 3.2.1 of the Splunk Add-on for Cisco WSA is compatible with the following software, CIM versions, and platforms.

Splunk platform versions: 6.2 or later
CIM: 4.2 or later
Platforms: Platform independent
Vendor Products: Cisco IronPort AsyncOS 7.1, 7.5, 7.7, 8.0, 8.0.6, and 8.1.0.

New features

Version 3.2.1 of the Splunk Add-on for Cisco WSA has the following new features.

Resolved date Issue number Description
08/17/15 ADDON-4025 Extract additional fields from Cisco WSA access log (sourcetype=cisco:wsa:squid) and map those fields to CIM.

Fixed issues

Version 3.2.1 of the Splunk Add-on for Cisco WSA has no fixed issues.

Known issues

Version 3.2.1 of the Splunk Add-on for Cisco WSA has the following known issue.

Date Defect number Description
11/24/14 ADDON-2350 Cisco Security Suite 3.0.3 compatibility issues. Cisco Security Suite is community supported, so the add-on is compatible on a best-effort basis. File bugs for specific issues.

Third-party software attributions

Version 3.2.1 of the Splunk Add-on for Cisco WSA does not incorporate any third-party software or libraries.

Version 3.2.0

New features

Version 3.2.0 of the Splunk Add-on for Cisco WSA had the following new features.

Resolved date Issue number Description
05/01/15 ADDON-3799/ADDON-3384/ADDON-2774 Support for versions 8.0, 8.0.6, and 8.1.0 of Cisco WSA.
05/01/15 ADDON-3066 Malware detection support.

Fixed issues

Version 3.2.0 of the Splunk Add-on for Cisco WSA fixed the following issues.

Resolved date Defect number Description
04/30/15 ADDON-3901 Event type cisco_wsa_virusfound is not defined correctly.
01/20/15 ADDON-2913 The kv_for_cisco_wsa_squid regex is unable to extract fields.

Known issues

Version 3.2.0 of the Splunk Add-on for Cisco WSA had the following known issue.

Date Defect number Description
11/24/14 ADDON-2350 Cisco Security Suite 3.0.3 compatibility issues. Cisco Security Suite is community supported, so the add-on is compatible on a best-effort basis. File bugs for specific issues.

Third-party software attributions

Version 3.2.0 of the Splunk Add-on for Cisco WSA did not incorporate any third-party software or libraries.

Version 3.1.1

Fixed issues

Version 3.1.1 of the Splunk Add-on for Cisco WSA fixed the following issue.

Resolved date Defect number Description
11/16/14 ADDON-2292 Splunk_TA_cisco-wsa needs to provide backwards-compatible eventtypes as an option in the add-on. Version 3.0.1 of this add-on defined the cisco-wsa-squid eventtype, which is used in most pre-built searches of the Cisco Security Suite.

Known issues

Version 3.1.1 of the Splunk Add-on for Cisco WSA had the following known issues.

Date Defect number Description
11/24/14 ADDON-2350 Cisco Security Suite 3.0.3 compatibility issues. Cisco Security Suite is community supported, so the add-on is compatible on a best-effort basis. File bugs for specific issues.
12/04/14 ADDON-2511 Cisco WSA supports RFC3164-style syslog, not the more recent RFC5424-style syslog. Thus, you are limited to 1,024 bytes per syslog packet from a WSA. The Splunk Add-on for Cisco WSA extractions for Squid-style logs assume that you want all the data and are using the SCP or FTP option to get your data. Alternatively, you may be able to configure a custom W3C format that drops enough fields to fit into a 1,024-byte packet, and manually alter props and transforms.

Third-party software attributions

Version 3.1.1 of the Splunk Add-on for Cisco WSA did not incorporate any third-party software or libraries.

Version 3.1.0

New features

Version 3.1.0 of the Splunk Add-on for Cisco WSA included the following new features:

  • Support for Cisco WSA 7.7.0 syslog (ADDON-1702)

Fixed issues

Version 3.1.0 of the Splunk Add-on for Cisco WSA fixed the following issues:

  • Splunk Enterprise should be able to extract user agent and category fields from WSA data (ADDON-1114)
  • Non-communication events should not be tagged "communicate" (ADDON-1030)
  • Incorrect extraction due to regex syntax (ADDON-1029)
  • Add-on should include lookup for action based on vendor_action (ADDON-959)

Known issues

Version 3.1.0 of the Splunk Add-on for Cisco WSA had the following known issues:

  • Splunk_TA_cisco-wsa needs to provide backwards-compatible eventtypes as an option in the add-on. Version 3.0.1 of this add-on defined the cisco-wsa-squid eventtype, which is used in most pre-built searches of the Cisco Security Suite. (ADDON-2292)
  • Cisco Security Suite 3.0.3 compatibility issues. Knowledge object updates needed in props and transforms to support CSS searches. (ADDON-2350)
  • Cisco Security Suite category widget produces: "Error in 'lookup' command: The lookup table 'cisco-wsa-category' does not exist." (ADDON-2349)

This documentation applies to the following versions of Splunk® Supported Add-ons: released

