Use and Cisco TAC support of this Add-On and related App require a purchase of Cisco Endpoint Security Analytics (CESA) endpoint license beginning v2.1.4. Please see the Cisco Supplemental End User License (SEULA) below for details. Under the SEULA, free use is permitted for: a) one 90-day trial/proof of value installation; b) on-going use for installations with 50 or fewer Cisco AnyConnect clients. __________________________________________________________________________________________________________ The Cisco Endpoint Security Analytics (CESA) Add-On for Splunk allows IT administrators to analyze and correlate user and endpoint behavior in Splunk Enterprise. This Add-on provides configuration and collection of data from the Cisco AnyConnect Network Visibility Module IPFIX (nvzFlow) Collector. This module collects additional context such as user, device, application, location and destination for flows both on and off premise. See the Cisco Endpoint Security Analytics (CESA) for Splunk for more information - https://splunkbase.splunk.com/app/2992/#/details