Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Using Splunk to help define required Cisco ASA rules

gestaltnetworks
New Member
‎11-02-2017 06:33 AM

Hello folks,

Is Splunk able to help me generate rules to put on an ASA?

We're running an ASA in transparent mode with a single allow rule, logging all traffic seen through to Splunk. The plan is to take that data generated and build the ruleset for the firewall based on a ratified version of the data. I was thinking of first running a report that does a summary of all destination addresses, sorted by number of occurrences, and then for each of the results, a further report to show me the ports that were connected to on those IP's. Which I can see working just fine.

So, my question really is: Is there a slicker and quicker way of generating this data? I've toyed with writing a Python script to chew through the logs, but I'd rather have it all centralised in Splunk.

Any guidance will be gratefully received.

Best, Leigh

0 Karma
Reply

NuHarborMatt
New Member
‎11-03-2017 11:33 AM

Hi Leigh,

It sounds like you would be heavily interested in the splunk add on for cisco asa. I think it can get you pretty far as what you are interested in. I included the link below from splunkbase.

https://splunkbase.splunk.com/app/1620/

0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...