The Splunk for Cisco Firewalls technology add-on is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco firewall devices - FWSM, Pix, ASA.
Reports and dashboards have been removed from the plug-in and placed in the Cisco Security Suite. Please download the Cisco Security Suite for the search head components.
Resolved minor issue (SOLN-1639) within the Cisco Firewall dashboards that causes a “ValueError(22,”Invalid Argument”) error when running Cisco Firewall on a Windows system.
- Updated to provide compatibility with Splunk 4.2
- Updated to include a new setup workflow to assist with initial configuration
This add-on can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and other Cisco Security Suite apps and add-ons to provide a single pane of glass interface and get out of box reports on Cisco firewall devices and other Cisco technology data.
Important note: This add-on, under its new name, Splunk for Cisco Firewalls, replaces the older and very popular Cisco Firewalls and contains all of the functionality of its predecessor plus the enhancements listed in the release notes below.
Additional information and download for Cisco Security Suite can be found on Splunkbase. The other Cisco Security Suite apps and add-ons include:
- Cisco Security Suite (main app)
- Splunk for Cisco Client Security Agent (CSA)
- Splunk for Cisco IronPort Email Security Appliance (ESA)
- Splunk for Cisco IronPort Web Security Appliance (WSA)
- Splunk for Cisco Firewalls (PIX, FWSM, ASA)
- Splunk for Cisco IPS
- Splunk for Cisco MARS
Installation and configuration instructions for this add-on can be found in the README file within the downloaded package.
Support for this content
This app is authored by Splunk but is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.