Update about new version of Splunk Add-on for Cis...

kondav · ‎08-15-2018

For support of Cisco FireSIGHT 6.x and to support Splunk 7.x.x version.

dbroggy · ‎04-09-2019

Confusing title since the FireSight app is for 5.x and lower. The terms 'FirePower' and 'eStreamer' are still valid.

For 6.x and higher I believe these are the correct apps?
https://splunkbase.splunk.com/app/3662/ - eStreamer TA (client/connector) - built by Douglas Hurd
https://splunkbase.splunk.com/app/4388/ - FirePOWER - built by Douglas Hurd. I think this replaces app /3663/? There's no mention of that in splunk base, but it's mentioned in the user guide here:
https://www.cisco.com/c/en/us/td/docs/security/firepower/splunk/Cisco_Firepower_App_for_Splunk_User_...

Here are my references to back up this conclusion:
" It supports version 6.0 of Firepower Management Center."
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/api/eStreamer_enCore/eStreamereNcoreSpl...

"Allows Splunk to collect all Firepower event data via the eStreamer API from Firepower Management Center version 6.x. Note: Will not work with Firepower version 5.x"
https://splunkbase.splunk.com/app/3662/#/details

To add confusion, the Splunk AddOns doc refer to the old firesight app:
https://docs.splunk.com/Documentation/AddOns/released/Sourcefire/Inputs

Update about new version of Splunk Add-on for Cisco FireSIGHT

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...