Cisco Secure Firewall App for Splunk

Splunk Cloud
Cisco Secure Firewall App for Splunk presents critical security information from Threat Defense Manager (f.k.a. Firepower Management Center (FMC)), helping analysts focus on high-priority security events. The app provides a number of dashboards and tables geared towards making Firepower event analysis productive in the familiar Splunk environment. It is an alternative user interface for some, and a complementary interface for others. Cisco is committed to continuously improving this app based on your direct feedback.

Major Features Include
- Threat Summary Dashboard
- Advanced Impact Event analysis with directionality
- Network Event data dashboard with IoCs and Firewall Rule usage (Allow/Block)
- Context Explorer with Geo-location Map
- Link back from Malware hash to FMC for File Trajectory
- Link Back to FMC for Host Profile
- Filters for CIDR Blocks and Allow/Block Rule actions

TELL US WHAT WILL MAKE THIS APP BETTER FOR YOU! We want your feedback and any feature requests. Please email fp-4-splunk@cisco.com with any requests.

A User Guide is published here https://cisco.com/go/firepower-for-splunk

Release Notes

Version 1.9.1
Feb. 20, 2024

- Updated App for Cloud and App Inspect Compliance

Version 1.9.0
Nov. 17, 2023

- Fixed bugs in Networking and Reporting searches
- Modified search queries to ignore non-existent fields in aggregate queries
- Modified Threat Summary to include Malware Threat Score Summary panel and Security Intel Event Timeline
- Fixed issues in Context Explorer

Version 1.8.1
Oct. 12, 2023

v1.8.1
- Removed unnecessary .conf files for cloud compliance and validation

Version 1.8.0
Oct. 11, 2023

v1.8.0
- Removed REST calls to determine FMC configuration information used in queries to determine traffic direction
- Added filters for ingress/egress traffic to replace Traffic Direction field
- Updated Analytic Displays for IDS and Threat Analysis dashboards

Version 1.7.0
April 22, 2022

- Removed references to older non-compliant jQuery libraries

Version 1.6.1
Dec. 7, 2021

- Updated app to comply with the latest cloud requirements

Version 1.6.0
May 12, 2021

- Built in dual compatibility for both FTD syslog and eStreamer data; analytics will dynamically adjust to either source type
- Built in support for CVE lookup via Snort Rule ID (SID)
- Updated transforms.conf and props.conf to normalize field naming conventions between the FTD syslog and eStreamer data sets
- Added VPN Events dashboard to provide enhanced visibility on Firepower Device data

Version 1.5.0
April 23, 2021

- Added "Device Overview" Panel which shows VPN Login/Logoff Events
- Fixed bug with security intel list on the "Threats" page

Version 1.4.1
Oct. 14, 2020

- Modified app to conform to cloud certification requirements

Version 1.4.0
Oct. 7, 2020

- Modified app to conform to cloud certification requirements
- Removed setup.xml; users can directly modify homenet.csv to determine inbound/outbound traffic

Version 1.3.7
Oct. 21, 2019

Firepower App for Splunk v 1.3.7

Release to Splunkbase 10/21/2019

v1.3.7 Updates -
- Cleaned up UI on Threats Summary page and Context Explorer
- Modified queries to reflect eNcore changes; specifically, querying filtered "Blocked" now uses the blocked field vs the action field
- Modified Data In/Out metrics on Context Explorer
- Modified Umbrella Experience

Cisco Firepower App for Splunk presents security and network event information sent to Splunk from Firepower Management Center running version 6.0 or later.

To bring your Firepower data into Splunk, you must use the Cisco eStreamer eNcore Add-on for Splunk. This technical add-on (TA) is available from https://splunkbase.splunk.com/app/3662/.

The types of data available for analysis are described at https://splunkbase.splunk.com/app/3662/.

Features include:

- Presents critical Firepower event information
- Threat Summary Dashboard
- Intrusion Events with Enrichment for Threat Hunting
- Network Summary Dashboard
- Context Explorer
- Table Views
- Event Filters

Version 1.3.5
Sept. 24, 2019

Firepower App for Splunk v 1.3.5

Release to Splunkbase 9/23/2019

v1.3.5 Updates -
- Removed issues that prevented version 1.3.2 from being cloud certified

Version 1.3.2
July 5, 2019

Firepower App for Splunk v 1.3.2

Release to Splunkbase 7/5/2019

v1.3.2 Updates -
- Fixed duplicate dashboard metric on front page for security intel events
- Added more reports to the "Reports" tab

Version 1.3.1
May 22, 2019

Firepower App for Splunk v 1.3.1

Release to Splunkbase 5/22/2019

v1.3.1 Updates -
- Updated content to conform to Splunk Cloud Certification standards

Version 1.2.9
April 24, 2019

Firepower App for Splunk v 1.2.9

Release to Splunkbase 4/24/2019

v1.2.9 Updates -
- Removed default enabled=true for the Python scripts that support Umbrella, and removed other unused Python scripts

Version 1.2.7
April 18, 2019

Firepower App for Splunk v 1.2.7

Release to Splunkbase 4/19/2019

v1.2.7 Updates -
- Umbrella Investigate is now here! Using the Event Viewer you can now pull in Umbrella threat feeds. Requires Umbrella API Token
- Modifications made to adhere to Splunk Cloud certification requirements
- Settings have moved to the traditional app/settings page

Version 1.1.3
Feb. 27, 2019

Firepower App for Splunk v 1.1.3

Release to Splunkbase 2/27/2019

v1.1.3 Updates -
- Modified Event Viewer to link back to the FMC for IPs (Network Mapping) and Malware Hashes (File Trajectory)
- Modified Event Viewer to adhere to Cisco branding schemes
- Fixed issue with Action/Blocked Filters not being used in search queries

Version 1.1.2
Feb. 19, 2019

Firepower App for Splunk v 1.1.2

Release to Splunkbase 2/19/2019

v1.1.2 Updates -
- Modified queries to utilize configurable index located in Macro settings
- Added Event Viewer for Correlation Events

Version 1.1.1
Feb. 16, 2019

Cisco Firepower App for Splunk

v1.1.1 updates
- Fixed issue with cross link to FMC on Threats->Dashboard->Indications of Compromise dashboard; previously the FMC IP did not load into the right-click menu option

Version 1.1
Feb. 15, 2019

Release notes

Firepower App for Splunk v1.1

Updates for v1.1 include:
- Fully validated by Splunk App Inspect
- Modification to Intrusion Events Dashboard, displaying High Priority Events by Class Description
- Cross Links back to FMC for File Trajectory on Host IoC Dashboard

Features include:

- Presents critical Firepower event information
- Threat Summary Dashboard
- Intrusion Events with Enrichment for Threat Hunting
- Network Summary Dashboard
- Context Explorer
- Table Views
- Event Filters
- Link Backs for File Trajectory, Host Profiles, Packet View

