Getting Data In

Integration document for Cisco Cyber Vision with Splunk

doli
Splunk Employee

I am looking for a document to integrate Cisco Cyber Vision with Splunk.

0 Karma

kartik247
New Member

Hi @doli ,

This is Kartik from Cisco. Please send an email to cisco-cybervision-splunk@cisco.com and the team will share the document.

Thanks!

0 Karma

kiran_panchavat
Influencer

@doli 

1. Go to the add-on and configure it

  • Account Name: Enter a unique name for this account.
  • IP Address/Domain: Enter the IP address of the Cisco Cyber Vision in the format https://<ip address> or https://<domain-name>
  • API Token: Enter the API token generated from Cyber Vision for the above account.

If you have a proxy, configure the proxy details.


2. Create input 

Navigate to the inputs section and create a new input based on your requirements.


Note: 

  • Create an index for this data source to store incoming events.
  • Check and open the necessary firewall ports/rules for data ingestion.
  • Ensure communication between the data source and Splunk components.
  • If events are not visible after configuration, check the internal index (_internal).

For Splunk Clusters: 

  • Create the index on the Cluster Master (CM) and push it to the indexers.
  • Also, create the same index on the Heavy Forwarder (HF). 

 

 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
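The index notes in the post above, written out as configuration (an added example, not part of the original post or of Cisco's or Splunk's documentation for this add-on). The index name `cybervision` and the default `$SPLUNK_DB` paths are assumptions; on older Splunk Enterprise versions the `manager-apps` directory is named `master-apps`.

```ini
# --- File 1: on the cluster manager ---
# $SPLUNK_HOME/etc/manager-apps/_cluster/local/indexes.conf
# "cybervision" is an assumed index name; substitute your own.
[cybervision]
homePath   = $SPLUNK_DB/cybervision/db
coldPath   = $SPLUNK_DB/cybervision/colddb
thawedPath = $SPLUNK_DB/cybervision/thaweddb
# Needed on clustered indexers so buckets of this index are replicated
# between peers; without it the index exists but is not replicated.
repFactor  = auto

# --- File 2: on the heavy forwarder that runs the add-on ---
# indexes.conf in the local directory of an app on the HF.
# Same stanza name as above so the input can reference the index;
# repFactor is omitted because the HF is not a cluster peer.
[cybervision]
homePath   = $SPLUNK_DB/cybervision/db
coldPath   = $SPLUNK_DB/cybervision/colddb
thawedPath = $SPLUNK_DB/cybervision/thaweddb
```

After saving File 1, run `splunk validate cluster-bundle` and then `splunk apply cluster-bundle` on the cluster manager to push the index definition to the indexers.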

kiran_panchavat
Influencer

@doli 

There is no direct access to a specific document titled "Cisco Cyber Vision Integration with Splunk". Please follow this. 

Based on standard practices from Cisco and Splunk:


Install the Add-On: In Splunk, go to Apps > Manage Apps > Install App from File and upload the add-on package (.spl file) from Splunkbase.

Configure the Add-On: Navigate to the add-on’s configuration page in Splunk, where you’ll input your Cisco Cyber Vision API details (e.g., IP address of the Cyber Vision portal, API token generated from Cyber Vision). You may also specify proxy settings or custom CA certificates if needed.

Set Data Inputs: Define the time interval for data polling and the Splunk index to store the data.

Install the App: Install the Splunk App similarly and use its dashboards to visualize the data.

Syslog Option: Alternatively, configure Cyber Vision to send CEF syslog data to Splunk via TCP/UDP inputs (see the Cisco Catalyst Add-on for Splunk for syslog setup details).

 

0 Karma

kiran_panchavat
Influencer

@doli 

You can find the necessary documentation for integrating Cisco Cyber Vision with Splunk on Splunkbase. The Cisco Cyber Vision Splunk Add-On allows organizations to pull information from Cisco Cyber Vision using its RESTful API interface. This add-on helps configure and pull component information, vulnerabilities, activities, and events from Cyber Vision to be used with the Cyber Vision Splunk App. 

 

For detailed instructions and to download the add-on, you can visit Cisco Cyber Vision Splunk Add On | Splunkbase

Cisco Security and Splunk SIEM - Cisco

0 Karma