Splunk Enterprise Security

Need help with Configuring Splunk Add-on for Cisco ESA

spodda01da
Explorer

Hello All,

I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA. I have some confusion and need your opinion on it.

I have a Distributed environment and have installed Splunk Add-on for Cisco ESA on both Search Head & Deployment Server. The question is:

  • Where should I configure the Inputs (Search Head or Deployment Server).
  • Where should I push the ESA logs (Search Head or Deployment Server).

On Cisco ESA, the logs are currently configured through FTP and I was wondering if there is a way to push/share or access these logs or should I use the SCP method.

I would greatly appreciate your suggestions.

Thanks in advance,

0 Karma
Get Updates on the Splunk Community!

This Week's Community Digest - Splunk Community Happenings [9.26.22]

Get the latest news and updates from the Splunk Community here! Upcoming User Group Events! 👏 Check ...

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...