Release notes for the Splunk Add-on for Cisco FireSIGHT
Version 3.3.2 of the Splunk Add-on for Cisco FireSIGHT is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.x |
| Vendor Products | Cisco FireSIGHT Management Center version 5 eStreamer output, Sourcefire Defense Center version 4.X syslog or eStreamer output, Open-source Snort version 2.x |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Version 3.3.2 of the Splunk Add-on for Cisco FireSIGHT has the following fixed issues.
| Date resolved | Ticket number | Description |
|---|---|---|
| 2016-04-21 | ADDON-8918 | "app_proto" should be mapped to "app" field in Network Traffic CIM data model for event type |
| 2016-04-21 | ADDON-8749 | Refine "signature" field definition for source type |
| 2016-04-20 | ADDON-8902 | The "severity" field in source type |
| 2016-03-14 | ADDON-7954 | Performance issues in Splunk Enterprise Security related to tag expansions. |
| 2016-03-14 | ADDON-8204 | Update definition of event type "cisco_sourcefire" as "Malware Clould Lookup" is actually a |
Version 3.3.2 of the Splunk Add-on for Cisco FireSIGHT has the following reported known issues.
| 2015-11-10 | ADDON-6381 | eStreamer malware data is incorrectly tagged. |
Third-party software attributions
Version 3.3.2 of the Splunk Add-on for Cisco FireSIGHT does not incorporate any third-party software or libraries.
This documentation applies to the following versions of Splunk® Supported Add-ons: released