I'm brand new to Splunk. I'm trying to set up Cisco Security for Splunk, specifically for logging for our IPS. I've got the Cisco Security App installed, but need direction on how to install the add-on for IPS SDEE. Any assistance is greatly appreciated.
Hi, instructions on how to set up the IPS portion of the Cisco Security app can be found here:
http://answers.splunk.com/questions/3364/how-do-i-install-the-cisco-ips-add-on
Once you have Splunk up and running it should be as simple as installing the IPS add-on and configuring the data input for your sensor.