All Apps and Add-ons

How to get Cisco IPS logs in Spunk Cloud

raomu
Explorer

Hello,

I am using Splunk Managed cloud service ( SH and Indexers are in Cloud)

I have 2 Heavy forwarder in my environment ( on premises )

I am trying to install and configure CISCO IPS logs in Spunk and have few questions:

Step 1) IPS and Splunk are pingable with no firewall between them. Do I also need to check for any specific also ports to opened ?

Step 2) I have installed CISCO IPS add on to my heavy forwarder. Do I also need to install the add-on on Indexers and SH as well ?

Setp 3) Do we also have any app for supporting this Add-on ? ( Although, I have Enterprise Security installed already )

Step 4) If I have more than 1 IPS devices, how I am going to configure them ?

Please advice.

Tags (1)
0 Karma

mayurr98
Super Champion

hey @raomu

You need to install this add-on indexers and search-head as well. refer this doc for the same.

No, I can not see any app for supporting add-on

To configure this add-on you should follow this doc.
http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

I think referring below doc will solve all your problems.Read it carefully and follow steps.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/About

let me know if this helps!

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...