Cisco Secure Firewall App for Splunk presents critical security information from Threat Defense Manager (f.k.a. Firepower Management Center (FMC)), helping analysts focus on high-priority security events. The app provides a number of dashboards and tables geared towards making Firepower event analysis productive in the familiar Splunk environment. It is an alternative user interface for some, and a complementary interface for others. Cisco is committed to continuously improving this app based on your direct feedback.
Major Features Include
- Threat Summary Dashboard
- Advanced Impact Event analysis with directionality
- Network Event data dashboard with IoCs and Firewall Rule usage (Allow/Block)
- Context Explorer with Geo-location Map
- Link back from Malware hash to FMC for File Trajectory
- Link back to FMC for Host Profile
- Filters for CIDR Blocks and Allow/Block Rule actions
TELL US WHAT WILL MAKE THIS APP BETTER FOR YOU! We want your feedback and any feature requests. Please email fp-4-splunk@cisco.com with any requests.