I suggest you use the Splunk Add-on Builder to build an Adaptive Response action that would POST to the third party API (or to the webhook) ... View more

Cisco Security Suite 3.1.2 is compatible with Splunk 6.6,x and 7.0 - The setup issue you are seeing a known limitation, check out the workaround for this here: https://answers.splunk.com/answers/523408/cisco-security-suite-setup-failure.html ... View more

Cisco Security Suite was tested on Splunk 6.5.x, 6.6.x and 7.0 and it works fine. ... View more

A new version of Cisco Security Suite app has been published with minor fixes addressing the compatibility issues. You can now Download the app. ... View more

I suggest that you configure your http server to listen on a separate port, and that you use that port in the Add-on UCS Manager configuration fields. ... View more

The Splunk Add-on for Cisco UCS collects data and interacts with UCS Manager via the UCS XML API which is web-based (HTTP or HTTPS). Therefore, any firewall between Splunk and UCS Manager should be configured to allow all web traffic over the standard HTTP(TCP/80) or HTTPS(TCP/443) or any custom ports if configured (check with your UCS admin). Can you confirm if the UCS API for your UCS manager is configured with a custom port other than the defaults (TCP/80 or TCP/443) ? ... View more

Can you please provide more details on what occurred when you updated Splunk_TA_cisco-asa? when you say "it failed", do you mean the update failed ? any other observations? If you have ssh access to your Splunk instance, I suggest you check the integrity of $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-asa/ directory content The lookup definition 'cisco_asa_intrusion_severity_lookup' is still be part of this latest TA version. ... View more

also, check out http://docs.splunk.com/Documentation/ES/3.3.0/Install/DeploymentPlanning ... View more