I'm having some trouble with Cisco Security suite and the associated firewalls addons for Splunk.
Cisco Security Suite
First of all, how does the dashboard define a 'security event' (e.g. Cisco Security Events by Top 10 Destination IP)? In the overview panel the heatmap and pie charts work, however the "Cisco Security Events" pane does not display anything.
Splunk for Cisco Firewalls
I have it set so the source type for the firewall logs is 'cisco_fwsm', however none of the panels in the firewall overview page show any results, instead returning a no results found message.
Any help resolving this would be appreciated.
... View more