All Apps and Add-ons

Splunk 6 - Cisco Security Suite 3.0 App config files needed

tier2ops
Explorer

Are there default configuration files that you can share so that the data gets populated in the default reports/dashboard tiles once we inject cisco ASA/PIX/FWSM/IPS/ironport(web) data?

I need info on how to configure the files listed below so that the various firewall/ironport(web)dashboards & report data for the cisco security app get populated.

[root@splunk default]# ls -ltr
total 44
-rw-------. 1 root root 44 Jan 16 13:40 transforms.conf
-rw-------. 1 root root 18310 Jan 16 13:40 savedsearches.conf
-rw-------. 1 root root 59 Jan 16 13:40 props.conf
-r--------. 1 root root 0 Jan 16 13:40 eventtypes.conf
drwx--x--x. 3 root root 4096 Jan 16 13:40 data
-r--------. 1 root root 315 Jan 16 13:40 viewstates.conf
-r--------. 1 root root 61 Jan 16 13:40 macros.conf
-rw-------. 1 root root 546 Jan 16 13:40 app.conf

Tags (1)
0 Karma

jconger
Splunk Employee
Splunk Employee

In order for WSA to work with the Cisco Security Suite, you need to copy the TA-cisco-wsa and SA-cisco-wsa directories to $SPLUNK_HOME/etc/apps. Your directory structure should look like this when finished:

$SPLUNK_HOME/etc/apps/SA-cisco-wsa
$SPLUNK_HOME/etc/apps/Splunk_CiscoSecuritySuite
$SPLUNK_HOME/etc/apps/TA-cisco-wsa

The TA-cisco-wsa and SA-cisco-wsa directories are located in Splunk_CiscoSecuritySuite/appserver/addons

0 Karma
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability

Solve Problems Faster with New, Smarter AI and Integrations in Splunk Observability As businesses scale ...