Splunk® Supported Add-ons

Splunk Add-on for Cisco FireSIGHT

About the Splunk Add-on for Cisco FireSIGHT

Version: 3.3.2
Vendor Products:
Cisco FireSIGHT Management Center version 5 eStreamer output
Sourcefire Defense Center version 4.X syslog or eStreamer output
Open-source Snort version 2.x

The Splunk Add-on for Cisco FireSIGHT (formerly Splunk Add-on for Cisco Sourcefire) uses data collected via Cisco eStreamer to let a Splunk software administrator analyze and correlate Cisco Next-Generation Intrusion Prevention System (NGIPS) and Cisco Next-Generation Firewall (NGFW) log data, as well as Advanced Malware Protection (AMP) reports, from Cisco FireSIGHT and Snort IDS through the Splunk Common Information Model. You can then use the mapped data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

This add-on does not include a data collection component. You can use other apps, such as eStreamer for Splunk, to ingest Cisco FireSIGHT data, or you can use syslog.

Download the Splunk Add-on for Cisco FireSIGHT from Splunkbase at http://splunkbase.splunk.com/app/1808.

Discuss the Splunk Add-on for Cisco FireSIGHT on Splunk Answers at http://answers.splunk.com/answers/app/1808.

Last modified on 22 April, 2016

This documentation applies to the following versions of Splunk® Supported Add-ons: released
