All Apps and Add-ons
Highlighted

Configuration with only ASA and ISE logs

Builder

I am running Splunk 6.5.1 on Linux, and just installed the Cisco Security app v3.1.2. I am only consuming ASA and ISE logs, so I configured the app for only those two components. But I don't see a menu item related to ASA events, though I do see one for ISE.
Where can I find the ASA visualizations?

0 Karma
Highlighted

Re: Configuration with only ASA and ISE logs

Builder

Answered my own question. What people in my organization describe as "ASA" is considered a "Firewall" from the perspective of the Splunk app. I do have a Firewall menu along with my ISE menu, and I see relevant events.

View solution in original post

0 Karma