All Apps and Add-ons

Splunk 6 - Cisco Security Suite 3.0 App config files needed

tier2ops
Explorer

Are there default configuration files that you can share so that the data gets populated in the default reports/dashboard tiles once we inject cisco ASA/PIX/FWSM/IPS/ironport(web) data?

I need info on how to configure the files listed below so that the various firewall/ironport(web)dashboards & report data for the cisco security app get populated.

[root@splunk default]# ls -ltr
total 44
-rw-------. 1 root root 44 Jan 16 13:40 transforms.conf
-rw-------. 1 root root 18310 Jan 16 13:40 savedsearches.conf
-rw-------. 1 root root 59 Jan 16 13:40 props.conf
-r--------. 1 root root 0 Jan 16 13:40 eventtypes.conf
drwx--x--x. 3 root root 4096 Jan 16 13:40 data
-r--------. 1 root root 315 Jan 16 13:40 viewstates.conf
-r--------. 1 root root 61 Jan 16 13:40 macros.conf
-rw-------. 1 root root 546 Jan 16 13:40 app.conf

Tags (1)
0 Karma

jconger
Splunk Employee
Splunk Employee

In order for WSA to work with the Cisco Security Suite, you need to copy the TA-cisco-wsa and SA-cisco-wsa directories to $SPLUNK_HOME/etc/apps. Your directory structure should look like this when finished:

$SPLUNK_HOME/etc/apps/SA-cisco-wsa
$SPLUNK_HOME/etc/apps/Splunk_CiscoSecuritySuite
$SPLUNK_HOME/etc/apps/TA-cisco-wsa

The TA-cisco-wsa and SA-cisco-wsa directories are located in Splunk_CiscoSecuritySuite/appserver/addons

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...