×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
MikeMakai
Engager
Member since: ‎01-08-2025
‎01-16-2025
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-08-2025
Activity Feed
View All

Re: Secure Firewall Dashboard

by in Dashboards & Visualizations
‎01-15-2025 11:10 AM
‎01-15-2025 11:10 AM
I'm running Splunk on Windows and don't have the tcpdump command. ... View more

Re: Secure Firewall Dashboard

by in Dashboards & Visualizations
‎01-09-2025 10:16 AM
‎01-09-2025 10:16 AM
Hi Kiran, I'm sending syslog directly from the FTD devices. Here is the config file. [tcp://192.168.1.2:1470] connection_host = dns index = cisco_sfw_ftd_syslog sourcetype = cisco:ftd:syslog [sbg_sfw_syslog_input://FTD_Pier] event_types = *,syslog_intrusion,syslog_connection,syslog_file,syslog_file_malware index = cisco_sfw_ftd_syslog interval = 600 port = 1470 restrictToHost = 192.168.1.2 sourcetype = cisco:ftd:syslog type = tcp [tcp://192.168.200.2:1470] connection_host = dns index = cisco_sfw_ftd_syslog sourcetype = cisco:ftd:syslog [sbg_sfw_syslog_input://FTD_Kona] event_types = *,syslog_intrusion,syslog_connection,syslog_file,syslog_file_malware index = cisco_sfw_ftd_syslog interval = 600 port = 1470 restrictToHost = 192.168.200.2 sourcetype = cisco:ftd:syslog type = tcp Thanks, Mike  ... View more

Secure Firewall Dashboard

by in Dashboards & Visualizations
‎01-08-2025 03:41 PM
‎01-08-2025 03:41 PM
I am sending syslog data to Splunk from Cisco FMC. I am using UCAPL compliance and therefore cannot use eStreamer. The data is being ingested into Splunk and the dashboard is showing some basic events, like connection events, volume file events and malware events. When I try to learn more about these events it doesn't drill down into more info. For example, when I click on the 14 Malware Events and chose open in search it just shows the number of events. There is no information regarding these events. When I click on inspect, it shows command.tstats at13 and  command.tstats.execute_output at 1. It doesn't provide further clarity regarding the malware events. When I view the Malware files dashboard on the FMC, is shows no data for malware threats. So based on the FMC it seems that the data in the Splunk dashboard is incorrect or at least interpreting malware events differently from the FMC dashboard.  ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎01-16-2025 02:43 PM
Karma given to
View All