All Apps and Add-ons

Technology Add-on for Cisco Secure Access Control Server (ACS): Are there recommended searches for reporting on this sourcetype?

Communicator

Greetings;

I plan to install the Cisco ACS TA on all of my universal forwarders (those receiving syslog data from ACS), Indexer cluster, and search head cluster. I am already receiving and reporting on Cisco ISE, ASA, and ESA logs, but see no option to turn on reporting for ACS logs.

It's great that this TA does CIM compliant indexing; I use ES, but is there an app some place to render reports for this sourcetype?

Any recommendations for searches that might lead up to a dashboard and/or report?

Thank you in advance.

SplunkTrust
SplunkTrust

Hello nychark,

I'm afraid that the TA only handles the parsing. I'm not aware of any apps that handle visualizations specifically for ACS events. Also, you don't need to install the TA on all of your UFs, only on your indexers, search heads, and any heavy forwarders that may parse the data.

Thanks,

Dave

Communicator

Thank you David, greatly appreciate the quick response!

Do you have any useful queries that you can share?

0 Karma

SplunkTrust
SplunkTrust

I'm afraid not (they are all stuck at customer sites). I've used the authentication data model to create some dashboards, but I'm afraid it's not something sharable. I just seem to be full of non-answers 😞

Communicator

I can respect that, and THANK YOU for the TA!

0 Karma