- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Cisco/OpenDNS Umbrella/Investigate: so many apps, so many options ... What is best?
Here is what is on Splunkbase (maybe others, too):
Umbrella Add-on for Splunk Enterprise: https://apps.splunk.com/app/3629/ (also on GitHub)
Cisco Umbrella Add-On for Splunk: https://splunkbase.splunk.com/app/3926/
Cisco Umbrella Investigate Add-on: https://splunkbase.splunk.com/app/3324/
(https://developer.cisco.com/docs/cloud-security/#!umbrella-investigate-add-on-for-splunk/set-up-cred...
Cisco Cloud Security Umbrella Add-on for Splunk: https://splunkbase.splunk.com/app/5557/
There is clearly a great deal of duplication and I am VERY confused about what is what and which to use.
There are at least 2 things to be done:
1: Data Input: Pull in security events.
2: Ad-Hoc Lookup: Enrich Splunk events with threat detail.
I am hoping for 2 kinds of help:
1: A suggestion on which apps to use.
2: Step-by-step details on how to set each up.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey, did you ever set investigate up?
I have umbrella logs going to our s3 buckit and pulling that data in with the cisco cloud security umbrella addon.
Not really sure if I need to fully setup cisco cloud security app. This is the app found in the github presentation. Thanks.
