I have a new Splunk windows instance running. We have configured our Cisco ASA to send syslog data using UDP 514 and created a data input on Splunk listening on UDP 514.
The event type has been set to "cisco:asa"
Index is the default index.
Now we see data being collected on the index, so no problems there.
We installed the Add-on for Cisco ASA app with the hope it will help us see a graphical representation of the Access Control Policies being utilized by the ASA. Does anyone know if this can be achieved with this app? or do we need something else.