I suggest you use the Splunk Add-on Builder to build an Adaptive Response action that would POST to the third-party API (or to the webhook).

Cisco Security Suite 3.1.2 is compatible with Splunk 6.6.x and 7.0. The setup issue you are seeing is a known limitation; check out the workaround for it here: https://answers.splunk.com/answers/523408/cisco-security-suite-setup-failure.html

I tested Cisco Security Suite on Splunk 7.0 and it works fine. Its compatibility version on SplunkBase has been upgraded now to Splunk 7.0.

Hi Jacob,
An update to the Cisco Security Suite app (ver 3.1.2) was recently published to SplunkBase: https://splunkbase.splunk.com/app/525/
This version supports Splunk 6.3.x and 6.4.x and the latest versions of all required Add-ons (see the change log in the release notes).
-Wissam

An update to the Cisco Security Suite app (ver 3.1.2) has just been published to SplunkBase:
- This version fixes the compatibility issues previously reported (see the change log in the release notes: https://splunkbase.splunk.com/app/525/#/overview).
- The download of the app has been re-enabled.

A new version of the Cisco Security Suite app has been published with minor fixes addressing the compatibility issues. You can now download the app.

I suggest that you configure your HTTP server to listen on a separate port, and that you use that port in the Add-on's UCS Manager configuration fields.

The Splunk Add-on for Cisco UCS collects data and interacts with UCS Manager via the UCS XML API, which is web-based (HTTP or HTTPS). Therefore, any firewall between Splunk and UCS Manager should be configured to allow all web traffic over the standard HTTP (TCP/80) or HTTPS (TCP/443) ports, or any custom ports if configured (check with your UCS admin).
Can you confirm whether the UCS API for your UCS Manager is configured with a custom port other than the defaults (TCP/80 or TCP/443)?

Can you please provide more details on what occurred when you updated Splunk_TA_cisco-asa? When you say "it failed", do you mean the update failed? Any other observations?
If you have SSH access to your Splunk instance, I suggest you check the integrity of the $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-asa/ directory contents.
The lookup definition 'cisco_asa_intrusion_severity_lookup' is still part of this latest TA version.