How to get Cisco IPS logs in Splunk Cloud

raomu
Explorer

Hello,

I am using Splunk Managed cloud service (SH and Indexers are in Cloud).

I have 2 heavy forwarders in my environment (on premises).

I am trying to install and configure CISCO IPS logs in Splunk and have a few questions:

Step 1) IPS and Splunk are pingable with no firewall between them. Do I also need to check for any specific ports to be opened?

Step 2) I have installed the CISCO IPS add-on on my heavy forwarder. Do I also need to install the add-on on Indexers and SH as well?

Step 3) Do we also have any app for supporting this add-on? (Although, I have Enterprise Security installed already.)

Step 4) If I have more than 1 IPS device, how am I going to configure them?

Please advise.

0 Karma

mayurr98
Super Champion

Hey @raomu

You need to install this add-on on the indexers and search head as well. Refer to this doc for the same.

No, I cannot see any app for supporting the add-on.

To configure this add-on you should follow this doc.
http://docs.splunk.com/Documentation/AddOns/released/CiscoIPS/Configureinputs

I think referring to the doc below will solve all your problems. Read it carefully and follow the steps.
http://docs.splunk.com/Documentation/AddOns/latest/CiscoIPS/About

Let me know if this helps!

0 Karma