Splunk for Cisco WSA

This add-on has been DEPRECATED.

A new add-on has been released for Cisco WSA and can be downloaded here -> http://apps.splunk.com/app/1747/ This add-on only collects and extracts data. The add-on does not include visualizations.

The Cisco Security Suite contains visualizations for Cisco WSA as well as other Cisco security related products. The Cisco Security Suite can be downloaded here -> http://apps.splunk.com/app/525/


The Splunk for Cisco IronPort Web Security Appliance app is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco IronPort Web Security appliances. The app includes out of the box reports to provide visibility into blocked sites by category or Client IP, number of events per host, actions by host over time, and other security relevant events.

Release Notes

DEPRECATION NOTICE This app has been deprecated. The replacement Splunk 6 comatible version can be found with Splunk for Cisco Security Suite. Please refer to that app.

Support for this content

This app is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.

This app can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and other Cisco Security Suite apps and add-ons to provide a single pane of glass interface and get out of box reports on Cisco IronPort Web Security Appliance data and other Cisco technology data.

0 ratings