Splunk® Supported Add-ons

Splunk Add-on for Cisco FireSIGHT

Release history for the Splunk Add-on for Cisco FireSIGHT

Latest version

The latest version of the Splunk Add-on for Cisco FireSIGHT is version 3.3.2. See Release notes for the Splunk Add-on for FireSIGHT for the release notes of this latest version.

Note: All versions of this add-on prior to 3.3.0 are named Splunk Add-on for Cisco Sourcefire.

Version 3.3.1

Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT has the same compatibility specifications as version 3.3.2.

Fixed issues

Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT has the following fixed issues.

| Date resolved | Ticket number | Description |
|---|---|---|
| 2015-10-09 | ADDON-5324 | Typo of all-lowercase estreamer rather than eStreamer in snort_vendor_lookup.csv causes ids_type CIM field to be missing for eStreamer source type. |
| 2015-10-09 | ADDON-4649 | Malware_Attacks.action "Malware Cloud Lookup" does not conform to CIM. |

Known issues

Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT has no reported known issues.

Third-party software attributions

Version 3.3.1 of the Splunk Add-on for Cisco FireSIGHT does not incorporate any third-party software or libraries.

Version 3.3.0

Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT has the same compatibility specifications as version 3.3.1.

New features

Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT has the following new features.

| Date | Ticket number | Description |
|---|---|---|
| 2014-05-27 | ADDON-2931 | Support for syslog data collection. |
| 2014-05-17 | ADDON-3720 | Renamed add-on to match Cisco's rebranding. |

Known issues

Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT has the following known issues.

| Date filed | Ticket number | Description |
|---|---|---|
| 2015-09-02 | ADDON-5324 | Typo of all-lowercase estreamer rather than eStreamer in snort_vendor_lookup.csv causes ids_type CIM field to be missing for eStreamer source type. |
| 2015-07-19 | ADDON-4649 | Malware_Attacks.action "Malware Cloud Lookup" does not conform to CIM. |

Third-party software attributions

Version 3.3.0 of the Splunk Add-on for Cisco FireSIGHT does not incorporate any third-party software or libraries.

Version 3.2.0

Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire is compatible with the following software, CIM versions, and platforms.

Splunk Enterprise versions: 6.2, 6.1
CIM: 4.2, 4.1, 4.0, 3.0
Platforms: Platform independent
Vendor Products: Sourcefire Version 4 syslog or eStreamer output; Cisco Sourcefire Version 5 output; open source Snort version 2.x

Migration

This release consolidates the formerly separate Splunk Add-on for Snort into the Splunk Add-on for Cisco Sourcefire. The Splunk Add-on for Snort is automatically bundled with some versions of the Splunk App for Enterprise Security and the Splunk App for PCI Compliance. If you have either of those apps installed, disable TA-snort to avoid conflicts.

New features

Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire had the following new features.

| Date | Ticket number | Description |
|---|---|---|
| 12/15/14 | ADDON-251 | Consolidated TA-snort and TA-sourcefire into single add-on. |
| 12/02/14 | ADDON-2362 | Updates to reflect CVE format changes. |
| 11/25/14 | ADDON-1821 | Pre-built panels added. |

Fixed issues

Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire fixed the following issues.

| Date | Defect number | Description |
|---|---|---|
| 12/11/14 | ADDON-2506 | Incorrect fields and sourcetypes in eventtype definition for streamer events. |
| 12/09/14 | ADDON-2338 | Source type mismatch with eStreamer app. |
| 12/09/14 | ADDON-2228 | Conf file parsing errors occur on Splunk Enterprise 6.2. |
| 12/02/14 | ADDON-2471 | Incorrect label for add-on name in app.conf file. |
| 12/02/14 | ADDON-2470 | Incorrect author for add-on in app.conf file. |

Known issues

Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire had no reported issues.

Third-party software attributions

Version 3.2.0 of the Splunk Add-on for Cisco Sourcefire does not incorporate any third-party software or libraries.

Version 3.1.2

Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire was compatible with the following software, CIM versions, and platforms.

Splunk Enterprise versions: 6.2, 6.1
CIM: 4.1, 4.0, 3.0
Platforms: Platform independent
Vendor Products: Sourcefire Version 4 syslog or eStreamer output; Cisco Sourcefire Version 5 output

New features

Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire added the following new features.

| Resolved date | Ticket number | Description |
|---|---|---|
| 4/14/14 | ADDON-867 | Newly Splunk-supported. |

Known issues

Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire had the following known issues.

| Publication date | Defect number | Description |
|---|---|---|
| 10/30/14 | ADDON-2228 | Conf file parsing errors occur on Splunk Enterprise 6.2. |

Third-party software attributions

Version 3.1.2 of the Splunk Add-on for Cisco Sourcefire did not incorporate any third-party software or libraries.

Last modified on 22 April, 2016

This documentation applies to the following versions of Splunk® Supported Add-ons: released

