...ub-charts include those rendered for the self-installed Cisco saved reports, i.e. ‘CiscoWSA – Security – DataCube’, ‘CiscoWSA – Top Websites’, ‘CiscoWSA – Web Threats Detected’, etc.
C...
I saw that http://apps.splunk.com/app/533/ Cisco ESA is deprecated, however, what add-on replaces it in the Cisco Enterprise Security Suite? I'm only seeing ISE, WSA, and ASA
...ime off-sets at search time using our current logs?
2) Is there a way for Splunk to add the time off-sets/zone to the events at indexing time?
3) Is there a way to have the WSA devices add the t...
I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic.
It seems the logs I am receiving have not got any AV scan information included and all s...
Inside the cloud trial I'm trying to install:
Splunk Add-on for Cisco WSA
Splunk Add-on for Linux
It opens pop-up with: "Enter your Splunk.com username and password to download the app....
Hello,
I try to use props.conf to change the sourcetype (in this case from cisco:asa to something else)
I've set up a props.conf and transforms.conf in the "local" folder. But this doesn't w...
Hi All
I am looking for some troubleshooting pointers for the following issue:
I have Splunk Enterprise Security installed and I am currently configuring it.
Receiving logs from cisco...
Hello All,
We have a Splunk server setup for monitoring our Cisco WSA server using "Cisco Web Security Advanced Reporting" add-on, which is currently the only source sending files to this Splunk s...
Greetings: In search of Cisco sampling logs with the sourcetype=cisco_wsa_squid to sharpen my SPL. Can anyone point me to a location of such a log for download?
...iedls while I perform search. No necessary fields - no output on my Check Point App for Splunk. How to get these fields? Or should I extract every field manually?
But search " sourcetype="c...