Getting Data In

Cisco Security Cloud

FQzy
Explorer

Hi guys,

Is there any documentation available out there to setup the Cisco Security Cloud app?

Specific requirements, "failed to create an input" and similar errors etc.

Qzy

Labels (1)

Mitesh_Gajjar
Explorer

@FQzy  

You can check the _internal logs to find the specific error related to "failed to create input" in the app by using the following search query: index=_internal source=*cisco*. You can also filter the logs by setting the log level to "error." For troubleshooting any add-ons, refer to the "Troubleshoot Add-ons" document available in the Splunk Documentation. Troubleshoot add-ons - Splunk Documentation.

You can provide internal error to developer team for future investigation.

Also, @PickleRick response was not generated using any AI. 

0 Karma

FQzy
Explorer

Thanks Mitesh,

 

The "failed to create input" was because I already had one the same from previous testing!

The rest of the app is still a mystery to me, I have emailed Cisco but no reply

 

Thanks again FQzy

0 Karma

Mitesh_Gajjar
Explorer

Hi @FQzy 

To set up the Cisco Security Cloud app in Splunk, you can find detailed guidance and documentation on the (https://splunkbase.splunk.com/app/7404).

### Key Steps for Setup:
1. Download and Install: You can download the Cisco Security Cloud app from Splunkbase. Make sure to follow the specific instructions for installation, which include compatibility checks and required add-ons.
2. Configure Data Inputs: The app requires the configuration of several data inputs based on your Cisco security products (e.g., Firewalls, Intrusion Protection, Web Security, etc.). The documentation provides step-by-step guidance for each type.
3. Troubleshooting Common Errors: For issues like "failed to create an input," ensure that all prerequisites (like appropriate permissions and network settings) are met. You may need to consult the app's [Splunkbase page](https://splunkbase.splunk.com/app/5558) for specific troubleshooting tips.

If you run into errors or specific issues during setup, it might also be helpful to check the community discussions and resources available on the Splunk website.

For your reference you can refer this document: https://developer.cisco.com/docs/cloud-security/cloud-security-app-for-splunk/#cloud-security-app-fo...

FQzy
Explorer

Thank you Mitesh_Gajjar

Unfortunately, https://splunkbase.splunk.com/app/7404) gives this very useful information:

No information provided.

Reach out to the developer to learn more.

 

The link to the Cisco website is for a different App altogether, so not much further along.

(https://splunkbase.splunk.com/app/5558)  is also a different app

Thanks for your efforts however!

Tags (1)
0 Karma

PickleRick
SplunkTrust
SplunkTrust

1.  @Mitesh_Gajjar 's response looks like generated with some lousy AI tool.

2. Unfortunately, the app is a third-party app so indeed your options are rather limited - either look into the app's contents and try to make sense of what's going on there or write to the email address provided in app's description trying to get more info.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...