Security

Cisco Ironport Searches

New Member

I am trying to run the searches that come with the Ironport Web Security portion of Cisco Security for Splunk, and nothing come up. The logs are being indexed because I can search on eventtype="ironport_proxy", but the prepackaged searches do not impart data. Has anyone had any experience with this? Cheers.

Tags (3)
0 Karma

SplunkTrust
SplunkTrust

What index is the data going in to? I noticed I had to have mine in the "cisco_wsa" index for it to work.

0 Karma