I am running Splunk version 4.2, build 96430 on a Windows server. I have just installed Cisco Security Suite 1.0.1, Cisco Ironport Web Security Appliance 1.0.0 and MAXMIND 1.0.6. I need to find some documentation regarding configuration for these apps. I have tried the following URL but it ends up with a 404 error.
http://www.splunkbase.com/apps/All/4.x/App/app:Splunk+for+Cisco+Security
Does anyone have a good link to config docs for these apps? Thanks!
I configured log subscriptions on the WSA and ESA to FTP logs to separate directories on the splunk indexer.
Then I created a file data input for each, setting the sourcetype manually to cisco_esa for email and cisco_wsa_squid for the web filter.
I think that was all 😉
Hope that helps!
-Katherine