Splunk Enterprise Security

Need help with Configuring Splunk Add-on for Cisco ESA

spodda01da
Explorer

Hello All,

I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA. I have some confusion and need your opinion on it.

I have a Distributed environment and have installed Splunk Add-on for Cisco ESA on both Search Head & Deployment Server. The question is:

  • Where should I configure the Inputs (Search Head or Deployment Server).
  • Where should I push the ESA logs (Search Head or Deployment Server).

On Cisco ESA, the logs are currently configured through FTP and I was wondering if there is a way to push/share or access these logs or should I use the SCP method.

I would greatly appreciate your suggestions.

Thanks in advance,

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!