Update about new version of Splunk Add-on for Cisco FireSIGHT

New Member

For support of Cisco FireSIGHT 6.x and to support Splunk 7.x.x version.

0 Karma

Path Finder

Confusing title since the FireSight app is for 5.x and lower. The terms 'FirePower' and 'eStreamer' are still valid.

For 6.x and higher I believe these are the correct apps?
https://splunkbase.splunk.com/app/3662/ - eStreamer TA (client/connector) - built by Douglas Hurd
https://splunkbase.splunk.com/app/4388/ - FirePOWER - built by Douglas Hurd. I think this replaces app /3663/? There's no mention of that in Splunkbase, but it's mentioned in the user guide here:
https://www.cisco.com/c/en/us/td/docs/security/firepower/splunk/Cisco_Firepower_App_for_Splunk_User_...

Here are my references to back up this conclusion:
"It supports version 6.0 of Firepower Management Center."
https://www.cisco.com/c/en/us/td/docs/security/firepower/630/api/eStreamer_enCore/eStreamereNcoreSpl...

"Allows Splunk to collect all Firepower event data via the eStreamer API from Firepower Management Center version 6.x. Note: Will not work with Firepower version 5.x"
https://splunkbase.splunk.com/app/3662/#/details

To add confusion, the Splunk AddOns docs refer to the old FireSIGHT app:
https://docs.splunk.com/Documentation/AddOns/released/Sourcefire/Inputs

0 Karma