I've just installed the Splunk Add-on for Cisco ESA and am looking to have the correct sourcetypes and field extractions. Am I simply appending my C:\Program Files\Splunk\etc\system\local\ props and t...
I installed the Cisco Security Suite app with the Splunk Add-on for Cisco ASA, and did the setup, but why do I see warnings about eventtype definitions for eventtype=cisco-esa?
EDIT: New information at the end.
When I run a search over our ASA, all the fields defined by the splunk_ta_cisco-asa work except one. I have severity lookups and vendor classes, but I have n...
Hello,
I've installed the TA on my search head only (Distributed deployment).
I send ESA textmail and http logs over TCP syslog and my heavy forwarder inputs.conf is configured as this:
[t...
...nvironment and have installed Splunk Add-on for Cisco ESA on both Search Head & Deployment Server. The question is:
Where should I configure the Inputs (Search Head or Deployment Server).
W...
Hi All,
I'm trying to install the Cisco ESA Add-on App https://splunkbase.splunk.com/app/1761/
However when setting this up in Cisco Security Suite, it doesn't recognize the app after I've u...
Hi to everybody,
I have a little problem. I can see in the alert messages, with this text:
1) The lookup table 'networkservice' does not exist. It is referenced by configuration 'cisco:asa'....
The Splunk Add-on for Cisco ESA doesn't extract multiple fields correctly. I discovered a couple, but there are likely other issues in the field extractions and naming.
CIM "subject" is named a...
Hello;
I've recently upgraded Cisco Networks App for Splunk Enterprise to cisco_ios 2.3.0, shortly followed by an upgrade to the TA on my Universal Forwarder and Indexers to TA-cisco_ios 2.3.0....