I saw that http://apps.splunk.com/app/533/ Cisco ESA is deprecated, however, what add-on replaces it in the Cisco Enterprise Security Suite? I'm only seeing ISE, WSA, and ASA
You can still use the Cisco ESA add-on as is. The functionality has not been integrated into the Cisco Security Suite since the update to 3.x yet, but ESA is the next on the list.
Support for Cisco Ironport WSA has been added to Cisco Security Suite; you can access the latest version here: http://apps.splunk.com/app/525/
A new CIM-compliant Splunk for Cisco ESA Add on is also available: http://apps.splunk.com/app/1761/
You can still use the Cisco ESA add-on as is. The functionality has not been integrated into the Cisco Security Suite since the update to 3.x yet, but ESA is the next on the list.
Sounds good, Looks like I'll be making an attempt at making it CIM compliant in the future 🙂