Splunk® Supported Add-ons

Splunk Add-on for Cisco FireSIGHT

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for Cisco FireSIGHT

The Splunk Add-on for Cisco FireSIGHT provides the index-time and search-time knowledge for IDS, malware, and network traffic data from Cisco FireSIGHT, Sourcefire, and Snort IDS.

Data source Format Description Source type CIM compliance
Cisco FireSIGHT Management Center version 5.X eStreamer To gather data from Cisco FireSIGHT Management Center version 5 servers in eStreamer format, use the eStreamer for Splunk App cisco:sourcefire Intrusion Detection, Network Traffic, Malware
Sourcefire Defense Center version 4.X eStreamer To gather data from Sourcefire Defense Center version 4 in eStreamer format, use the eStreamer for Splunk App eStreamer Intrusion Detection, Network Traffic
Sourcefire appliance version 4.X Syslog Apply this source type to data that you collect from a Sourcefire device via syslog. cisco:sourcefire:appliance:syslog Malware
Sourcefire Defense Center version 4.X Syslog Apply this source type to data that you collect from Sourcefire Defense Center via syslog. cisco:sourcefire:defencecenter:syslog Malware
Snort IDS version 2.X Syslog Apply this source type to data collected from open-source Snort IDS via syslog. snort Intrusion Detection, Network Traffic
Last modified on 22 April, 2016
PREVIOUS
About the Splunk Add-on for Cisco FireSIGHT
  NEXT
Release notes for the Splunk Add-on for Cisco FireSIGHT

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters