Splunk for Cisco IPS

This add-on has been DEPRECATED.
The Splunk for Cisco IPS technology add-on is a collection of scripted inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco IPS devices. The scripted input included in this add-on can be configured to collect data from Cisco IPS sensors using the Security Device Event Exchange (SDEE) format.

Release Notes

DEPRECATION NOTICE: This app has been deprecated. The replacement, Splunk 6-compatible version is distributed as part of Splunk for Cisco Security Suite; please refer to that app.

Support for this content

This app is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.

Security Device Event Exchange (SDEE) is a standard proposed by ICSA Labs that specifies the format of messages and the protocol used to communicate events generated by security devices. Cisco IPS Sensor software 5.0 uses SDEE in place of the Remote Data Exchange Protocol (RDEP) used by earlier versions of the Cisco IDS Sensor software. SDEE events are XML; this add-on parses them and maps the XML elements and attributes into key-value pairs that Splunk can search and report on.
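The XML-to-key-value translation described above, as an added example. This is not the add-on's own scripted input (which this page does not reproduce) but an independent, namespace-agnostic parser for an SDEE evIdsAlert. The sample XML is constructed here: the namespace URIs and element layout approximate the SDEE/CIDEE schema, the signature id and description are placeholders, and the treatment of the time value as nanoseconds since the Unix epoch is an assumption about the sensor format.

```python
"""Parse SDEE evIdsAlert XML into flat key-value fields (constructed example)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed sample approximating one SDEE response from a Cisco IPS sensor.
# Namespace URIs and layout approximate the SDEE/CIDEE schema; the parser
# below ignores namespaces, so an exact match is not required.
# Signature id/description are placeholders, not real Cisco signatures.
SAMPLE_SDEE = """<?xml version="1.0" encoding="UTF-8"?>
<sd:events xmlns:sd="http://example.org/2003/08/sdee"
           xmlns:cid="http://www.cisco.com/cids/2004/04/cidee">
  <sd:evIdsAlert eventId="1234567890123456789" severity="high" vendor="Cisco">
    <sd:originator>
      <sd:hostId>ips-sensor-01</sd:hostId>
      <cid:appName>sensorApp</cid:appName>
    </sd:originator>
    <sd:time offset="0" timeZone="UTC">1700000000123456789</sd:time>
    <sd:signature description="Example signature" id="1000" version="S1">
      <cid:subsigId>0</cid:subsigId>
    </sd:signature>
    <sd:participants>
      <sd:attacker>
        <sd:addr locality="OUT">203.0.113.45</sd:addr>
        <sd:port>40212</sd:port>
      </sd:attacker>
      <sd:target>
        <sd:addr locality="IN">192.0.2.10</sd:addr>
        <sd:port>8080</sd:port>
      </sd:target>
    </sd:participants>
    <cid:riskRatingValue targetValueRating="medium">85</cid:riskRatingValue>
  </sd:evIdsAlert>
</sd:events>
"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return tag.rsplit("}", 1)[-1]


def _join(prefix, name):
    return f"{prefix}.{name}" if prefix else name


def flatten(elem, prefix=""):
    """Flatten an element subtree into dotted keys.

    Attributes become '<path>.<attr>', element text becomes '<path>'.
    Container elements (whitespace-only text) contribute no key of their own.
    """
    out = {}
    for attr, value in elem.attrib.items():
        out[_join(prefix, _local(attr))] = value
    text = (elem.text or "").strip()
    if text and prefix:
        out[prefix] = text
    for child in elem:
        out.update(flatten(child, _join(prefix, _local(child.tag))))
    return out


def sdee_time_to_iso(raw):
    """Convert the SDEE time value (assumed: nanoseconds since the Unix
    epoch) to an ISO 8601 UTC string without float precision loss."""
    seconds, rem_ns = divmod(int(raw), 10**9)
    stamp = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return (stamp + timedelta(microseconds=rem_ns // 1000)).isoformat()


def parse_sdee(xml_text):
    """Return one flat dict per evIdsAlert found anywhere in an SDEE response."""
    root = ET.fromstring(xml_text)
    events = []
    for elem in root.iter():
        if _local(elem.tag) != "evIdsAlert":
            continue
        fields = flatten(elem)
        if "time" in fields:
            fields["_time"] = sdee_time_to_iso(fields["time"])
        events.append(fields)
    return events


def to_kv_line(fields):
    """Render fields as key="value" pairs, escaping backslashes and quotes
    so the line survives a kv-style field extraction at search time."""
    parts = []
    for key in sorted(fields):
        value = fields[key].replace("\\", "\\\\").replace('"', '\\"')
        parts.append(f'{key}="{value}"')
    return " ".join(parts)


if __name__ == "__main__":
    for event in parse_sdee(SAMPLE_SDEE):
        print(to_kv_line(event))
```

Sensor output should be treated as semi-trusted input: the standard-library expat parser used here does not fetch external entities, but if the parser is swapped for lxml, entity resolution must be disabled explicitly. Fetching the XML from the sensor (the HTTPS subscription exchange) is outside this example.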

This add-on can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and the other Cisco Security Suite apps and add-ons to provide a single-pane-of-glass interface and out-of-the-box reports on Cisco firewall devices and other Cisco technology data.

Important note: This add-on, under its new name, Splunk for Cisco IPS, replaces the older and very popular Cisco IPS SDEE Data Collector and contains all of the functionality of its predecessor plus the enhancements recorded in its release notes.
