Splunk® Supported Add-ons

Splunk Add-on for Cisco FireSIGHT

Download manual as PDF

Download topic as PDF

About the Splunk Add-on for Cisco FireSIGHT

Version 3.3.2
Vendor Products Cisco FireSIGHT Management Center version 5 eStreamer output
Sourcefire Defense Center version 4.X syslog or eStreamer output
Open-source Snort version 2.x

The Splunk Add-on for Cisco FireSIGHT (formerly Splunk Add-on for Cisco Sourcefire) leverages data collected via Cisco eStreamer to allow a Splunk software administrator to analyze and correlate Cisco Next-Generation Intrusion Prevention System (NGIPS) and Cisco Next-Generation Firewall (NGFW) log data and Advanced Malware Protection (AMP) reports from Cisco FireSIGHT and Snort IDS through the Splunk Common Information Model. You can then use the mapped data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

This add-on does not include a data collection component. You can use other apps, such as eStreamer for Splunk to ingest Cisco FireSIGHT data, or you can use syslog.

Download the Splunk Add-on for Cisco FireSIGHT from Splunkbase at http://splunkbase.splunk.com/app/1808.

Discuss the Splunk Add-on for Cisco FireSIGHT on Splunk Answers at http://answers.splunk.com/answers/app/1808.

  NEXT
Source types for the Splunk Add-on for Cisco FireSIGHT

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

We see the IDS Sourcefire data in a module named App Sourcefire but we don't see these estreamer data in the Enterprise Security module (without app estreamer or app sourcefire). In Enterprise Security module, many data are populated with unknown values. Is that the right way to work? Thank you for your answer.

Laurent.ripaux
August 14, 2017

Is anything planned to upgrade the Splunk App for Cisco FireSight to be compatible with Cisco FirePower 6.x using their new eStreamer eNcore data collection client?

Rmccarthy splunk, Splunker
August 8, 2017

Hi Hlievens. Thanks for your question. The add-on does not include a data collection component for eStreamer data, so you can use the eStreamer app (https://splunkbase.splunk.com/app/1629/) to get data in, or you can use no app at all and just use syslog.

Rpille splunk, Splunker
August 10, 2015

Does the Splunk Add-on for Cisco FireSIGHT replace the old eStreamer app? Which one should we be using? The old eStreamer app hasn't been updated since Aug. 2014...

Hlievens
August 7, 2015

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters