I am using Splunk Managed cloud service (SH and Indexers are in Cloud).
I have 2 Heavy Forwarders in my environment (on premises).
I am trying to install and configure CISCO IPS logs in Splunk and have a few questions:
Step 1) IPS and Splunk are pingable with no firewall between them. Do I also need to check for any specific ports to be opened?
Step 2) I have installed the CISCO IPS add-on on my heavy forwarder. Do I also need to install the add-on on the Indexers and SH as well?
Step 3) Do we also have any app for supporting this add-on? (Although I have Enterprise Security installed already.)
Step 4) If I have more than 1 IPS device, how am I going to configure them?