This is an alternative to the Cisco eStreamer eNcore Add-on for Splunk
- Network Traffic
- Web
- Use FMC to configure your Firepower appliances to log Access Control rules, IPS rules, DNS rules, etc. to your Splunk/syslog server
- Set the Splunk input to sourcetype "syslog" or sourcetype "cisco:firepower:syslog"
- No session ID in events. Not sure how to get this from Firepower
- No duration field in events (this will have to be calculated from the delta between the Start and End events of a connection)
- Does not support the Audit data model (DM) - TODO
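The following search is an added example of how the missing duration can be derived in Splunk; it is not part of this add-on. It assumes the add-on extracts the CIM Network Traffic field names (src_ip, src_port, dest_ip, dest_port, transport) from the Firepower syslog events and that the Start and End events of one connection share that 5-tuple; the 60-second limit is a constructed guard against a reused 5-tuple being paired with an unrelated connection.

```spl
sourcetype="cisco:firepower:syslog"
| stats min(_time) AS start_time max(_time) AS end_time count AS eventcount
        BY src_ip src_port dest_ip dest_port transport
| where eventcount >= 2
| eval duration=end_time-start_time
| where duration < 60
| eval start=strftime(start_time, "%Y-%m-%d %H:%M:%S"), end=strftime(end_time, "%Y-%m-%d %H:%M:%S")
| table src_ip src_port dest_ip dest_port transport start end duration
```

Because there is no session ID to join on, a 5-tuple is the only key available; tune the 60-second window to match the longest connections you expect to see, or restrict the search to short time ranges, otherwise two unrelated connections that happened to reuse the same source port will be reported as one long session.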