Release history for the Splunk Add-on for Cisco FireSIGHT
Latest version
The latest version of the Splunk Add-on for Cisco FireSIGHT is version 3.3.2. See Release notes for the Splunk Add-on for FireSIGHT for the release notes of this latest version.
Note: All versions of this add-on prior to 3.3.0 are named Splunk Add-on for Cisco Sourcefire.
Version 3.3.1
Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT has the same compatibility specifications as version 3.3.2.
Fixed issues
Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT has the following fixed issues.
Date resolved | Ticket number | Description |
---|---|---|
2015-10-09 | ADDON-5324 | Typo of all-lowercase estreamer rather than eStreamer in snort_vendor_lookup.csv causes ids_type CIM field to be missing for eStreamer source type. |
2015-10-09 | ADDON-4649 | Malware_Attacks.action "Malware Cloud Lookup" does not conform to CIM. |
Known issues
Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT has no reported known issues.
Third-party software attributions
Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT does not incorporate any third-party software or libraries.
Version 3.3.0
Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT has the same compatibility specifications as version 3.3.1.
New features
Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT has the following new features.
Date | Ticket number | Description |
---|---|---|
2014-05-27 | ADDON-2931 | Support for syslog data collection. |
2014-05-17 | ADDON-3720 | Renamed add-on to match Cisco's rebranding. |
Known issues
Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT has the following known issues.
Date filed | Ticket number | Description |
---|---|---|
2015-09-02 | ADDON-5324 | Typo of all-lowercase estreamer rather than eStreamer in snort_vendor_lookup.csv causes ids_type CIM field to be missing for eStreamer source type. |
2015-07-19 | ADDON-4649 | Malware_Attacks.action "Malware Cloud Lookup" does not conform to CIM. |
Third-party software attributions
Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT does not incorporate any third-party software or libraries.
Version 3.2.0
Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire is compatible with the following software, CIM versions, and platforms.
Splunk Enterprise versions | 6.2, 6.1 |
CIM | 4.2, 4.1, 4.0, 3.0 |
Platforms | Platform independent |
Vendor Products | Sourcefire Version 4 syslog or eStreamer output; Cisco Sourcefire Version 5 output; open source Snort version 2.x |
Migration
This release consolidates the formerly separate Splunk Add-on for Snort into the Splunk Add-on for Cisco Sourcefire. The Splunk Add-on for Snort is automatically bundled with some versions of the Splunk App for Enterprise Security and the Splunk App for PCI Compliance. If you have either of those apps installed, disable TA-snort to avoid conflicts.
New features
Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire had the following new features.
Date | Ticket number | Description |
---|---|---|
12/15/14 | ADDON-251 | Consolidated TA-snort and TA-sourcefire into single add-on. |
12/02/14 | ADDON-2362 | Updates to reflect CVE format changes. |
11/25/14 | ADDON-1821 | Pre-built panels added. |
Fixed issues
Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire fixed the following issues.
Date | Defect number | Description |
---|---|---|
12/11/14 | ADDON-2506 | Incorrect fields and sourcetypes in eventtype definition for streamer events. |
12/09/14 | ADDON-2338 | Source type mismatch with eStreamer app. |
12/09/14 | ADDON-2228 | Conf file parsing errors occur on Splunk Enterprise 6.2. |
12/02/14 | ADDON-2471 | Incorrect label for add-on name in app.conf file. |
12/02/14 | ADDON-2470 | Incorrect author for add-on in app.conf file. |
Known issues
Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire had no reported issues.
Third-party software attributions
Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire does not incorporate any third-party software or libraries.
Version 3.1.2
Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire was compatible with the following software, CIM versions, and platforms.
Splunk Enterprise versions | 6.2, 6.1 |
CIM | 4.1, 4.0, 3.0 |
Platforms | Platform independent |
Vendor Products | Sourcefire Version 4 syslog or eStreamer output; Cisco Sourcefire Version 5 output |
New features
Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire added the following new features.
Resolved date | Ticket number | Description |
---|---|---|
4/14/14 | ADDON-867 | Newly Splunk-supported. |
Known issues
Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire had the following known issues.
Publication date | Defect number | Description |
---|---|---|
10/30/14 | ADDON-2228 | Conf file parsing errors occur on Splunk Enterprise 6.2. |
Third-party software attributions
Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire did not incorporate any third-party software or libraries.
This documentation applies to the following versions of Splunk® Supported Add-ons: released