About the Splunk Add-on for Cisco FireSIGHT
|Vendor Products|Cisco FireSIGHT Management Center version 5 eStreamer output; Sourcefire Defense Center version 4.X syslog or eStreamer output; Open-source Snort version 2.x|
The Splunk Add-on for Cisco FireSIGHT (formerly Splunk Add-on for Cisco Sourcefire) leverages data collected via Cisco eStreamer to allow a Splunk software administrator to analyze and correlate Cisco Next-Generation Intrusion Prevention System (NGIPS) and Cisco Next-Generation Firewall (NGFW) log data and Advanced Malware Protection (AMP) reports from Cisco FireSIGHT and Snort IDS through the Splunk Common Information Model. You can then use the mapped data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
This add-on does not include a data collection component. To ingest Cisco FireSIGHT data, you can use other apps, such as eStreamer for Splunk, or you can use syslog.
Download the Splunk Add-on for Cisco FireSIGHT from Splunkbase at http://splunkbase.splunk.com/app/1808.
Discuss the Splunk Add-on for Cisco FireSIGHT on Splunk Answers at http://answers.splunk.com/answers/app/1808.
This documentation applies to the following versions of Splunk® Supported Add-ons: released