All Apps and Add-ons
Highlighted

How do I configure Cisco Security Suite & Cisco Ironport Web Security Apps.

New Member

I am running Splunk version 4.2, build 96430 on a Windows server. I have just installed Cisco Security Suite 1.0.1, Cisco Ironport Web Security Appliance 1.0.0 and MAXMIND 1.0.6. I need to find some documentation regarding configuration for these apps. I have tried the following URL but it ends up with a 404 error.

http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+for+Cisco+Security

Does anyone have a good link to config docs for these apps? Thanks!

0 Karma
Highlighted

Re: How do I configure Cisco Security Suite & Cisco Ironport Web Security Apps.

New Member

I configured log subscriptions on the WSA and ESA to FTP logs to separate directories on the splunk indexer.
Then I created a file data input for each, setting the sourcetype manually to ciscoesa for email and ciscowsa_squid for the web filter.

I think that was all 😉

Hope that helps!

-Katherine

0 Karma