Cisco Endpoint Security Analytics (CESA) Add-On for Splunk

Use and Cisco TAC support of this Add-On and related App require the purchase of a Cisco Endpoint Security Analytics (CESA) endpoint license beginning with v2.1.4. Please see the Cisco Supplemental End User License (SEULA) below for details. Under the SEULA, free use is permitted for: a) one 90-day trial/proof of value installation; b) ongoing use for installations with 50 or fewer Cisco AnyConnect clients.
__________________________________________________________________________________________________________

The Cisco Endpoint Security Analytics (CESA) Add-On for Splunk allows IT administrators to analyze and correlate user and endpoint behavior in Splunk Enterprise. This Add-On provides configuration and collection of data from the Cisco AnyConnect Network Visibility Module IPFIX (nvzFlow) Collector. This module collects additional context such as user, device, application, location and destination for flows both on and off premises.

See the Cisco Endpoint Security Analytics (CESA) for Splunk app for more information: https://splunkbase.splunk.com/app/2992/#/details

The Add-on maps the data types from the NVM Collector into the appropriate Splunk data types.

BOTH THE APP AND THE ADD-ON MUST BE INSTALLED FOR THE CESA SOLUTION TO WORK

Refer to the Add-On section of the Cisco AnyConnect Network Visibility Module (NVM) App for Splunk details page for more information.

Release Notes

Version 4.0.5
Jan. 25, 2022

*Updated collector to version 4.10.04067

Version 4.0.2
Oct. 11, 2021

*Enumerating TA to coincide with dashboard app version

Version 4.0.1
Aug. 23, 2021

Updated core version of the NVM collector

Version 4.0.0
July 21, 2021

*Updates to coincide with dashboard changes and sync revisions

Version 3.1.8
Feb. 22, 2021

*Added NVM Collector which includes 270, 271 templates preloaded in the image

Version 3.0.9
Aug. 27, 2020

Splunk 8.0 release

*Removed inputs.conf due to security requirements for Cloud validation. UDP inputs will have to be configured via Splunk Web. Please refer to the guide posted on http://cs.co/cesa-pov for more information.

Version 3.0.4
June 26, 2020

Adds support for exciting new features in AnyConnect 4.9 or later, including process-path and process-arguments attributes.
See the latest specification on https://developer.cisco.com/site/network-visibility-module/ for more details.
This update includes a new NVM Collector that you must install to obtain new AnyConnect 4.9 capabilities.

The CESA / NVM solution has been updated to support new Remote Worker use cases such as monitoring Split Tunneling in addition to on-premise monitoring use cases such as Split Networking (office workers using insecure wifi and secure wifi at the same time).

Version 2.1.8
May 27, 2020

*Updated to keep current with dashboard revision

