Cisco Firepower pcap Add-on

Splunk Community
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cisco Firepower pcap Add-on

Cisco Firepower pcap Add-on
This add-on provides workflow actions for a Firepower IPS event to retrieve a pcap file or Snort rule from the Firepower Management Center (FMC). Assumes the 'Cisco Firepower eStreamer eNcore Add-on for Splunk' has been installed with the event type 'estreamer_ids_ips_event', and the event 'host' field is the FMC. Copy 'fp_pcap.cgi' and 'fp_rule.cgi' from '$SPLUNK_HOME/etc/apps/TA-cisco-firepower-pcap-add-on/default/' to '/var/sf/htdocs/' on the FMC. Run command 'sudo chown www:www fp_pcap.cgi fp_rule.cgi' and 'sudo chmod 755 fp_pcap.cgi fp_rule.cgi'.
Ask a Question View in Splunkbase
0 topics and 0 replies mentioned Cisco Firepower pcap Add-on in
Latest Topics
No posts to display.
Latest Replies
No posts to display.
Top Topics
No posts to display.
My Topics
No posts to display.