inspired/TA-cisco_firepower

Splunk Add-on for Cisco Firepower with syslog outputs

TA-cisco_firepower

CIM compliant Cisco Firepower TA for Splunk

This is an alternative to the Cisco eStreamer eNcore Add-on for Splunk

CIM models

  • Network Traffic
  • Web

Installation

  1. In FMC (Firepower Management Center), configure your Firepower appliances to send syslog for Access Control rules, IPS rules, DNS rules, etc. to your Splunk/syslog server
  2. Set the input's sourcetype to "syslog" or "cisco:firepower:syslog"

Current limitations

  • No session ID in events. Not sure how to get this from Firepower
  • No duration field in events (this has to be calculated from the delta between the Start and End events of a connection)
  • Does not support the Audit data model (TODO)
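The two limitations above interact: with no session ID, the only way to derive a duration is to pair each connection Start event with its End event on the connection's own fields. The script below is an added example (not part of this TA); it assumes the FTD 6.3+ syslog format where %FTD-6-430002 is a connection Start, %FTD-6-430003 is a connection End and the body is "Key: Value" pairs, uses DeviceUUID plus the 5-tuple as the join key, and runs on constructed sample lines.

```python
"""Pair Cisco FTD syslog connection Start/End events and compute durations.

Added example, not the TA's own code. Assumes FTD-style syslog:
%FTD-6-430002 = connection Start, %FTD-6-430003 = connection End,
body of comma-separated "Key: Value" fields. Sample lines are constructed.
"""
import re
from datetime import datetime

# Constructed sample events: one tcp flow with Start and End, one udp flow
# whose End has not arrived yet.
SAMPLE_LOGS = """\
Mar 10 12:00:01 ftd01 %FTD-6-430002: DeviceUUID: aaaa-1111, AccessControlRuleAction: Allow, SrcIP: 10.1.1.5, DstIP: 93.184.216.34, SrcPort: 51234, DstPort: 443, Protocol: tcp
Mar 10 12:00:02 ftd01 %FTD-6-430002: DeviceUUID: aaaa-1111, AccessControlRuleAction: Allow, SrcIP: 10.1.1.6, DstIP: 8.8.8.8, SrcPort: 40000, DstPort: 53, Protocol: udp
Mar 10 12:00:09 ftd01 %FTD-6-430003: DeviceUUID: aaaa-1111, AccessControlRuleAction: Allow, SrcIP: 10.1.1.5, DstIP: 93.184.216.34, SrcPort: 51234, DstPort: 443, Protocol: tcp, InitiatorBytes: 1200, ResponderBytes: 5400
"""

HEADER = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) %FTD-\d-(?P<msgid>\d{6}): (?P<body>.*)$"
)


def parse_event(line):
    """Parse one syslog line into a dict, or return None if it is not an FTD event."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split(", "):
        key, _, value = part.partition(": ")
        if key:
            fields[key.strip()] = value.strip()
    # Syslog headers carry no year; the parsed time is only used for deltas.
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
    return {"ts": ts, "msgid": m.group("msgid"), "host": m.group("host"), **fields}


def flow_key(ev):
    """Join key standing in for the missing session ID (assumed: UUID + 5-tuple)."""
    return tuple(ev.get(k) for k in ("DeviceUUID", "Protocol", "SrcIP", "SrcPort", "DstIP", "DstPort"))


def compute_durations(log_text):
    """Return (durations, open_flows): seconds per completed flow, and Start times
    of flows whose End event has not been seen (still open, or the End was lost)."""
    open_flows, durations = {}, {}
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        key = flow_key(ev)
        if ev["msgid"] == "430002":
            open_flows[key] = ev["ts"]  # a repeated Start (port reuse) overwrites the old one
        elif ev["msgid"] == "430003" and key in open_flows:
            durations[key] = (ev["ts"] - open_flows.pop(key)).total_seconds()
    return durations, open_flows
```

Because the join key is only an approximation of a session ID, a flow that reuses the same 5-tuple before its End arrives will be mis-paired; the unmatched Starts returned as open_flows are the place to look when durations seem wrong.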
