This add-on has been DEPRECATED.
A new add-on has been released for Cisco WSA and can be downloaded here: http://apps.splunk.com/app/1747/
This add-on only collects and extracts data. The add-on does not include visualizations.
The Cisco Security Suite contains visualizations for Cisco WSA as well as other Cisco security-related products. The Cisco Security Suite can be downloaded here: http://apps.splunk.com/app/525/
The Splunk for Cisco IronPort Web Security Appliance app is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco IronPort Web Security appliances. The app includes out-of-the-box reports to provide visibility into blocked sites by category or client IP, number of events per host, actions by host over time, and other security-relevant events.
Reports and dashboards have been removed from the plug-in and placed in the Cisco Security Suite. Please download the Cisco Security Suite for the search head components.
- Updated to provide compatibility with Splunk 4.2
- Updated to include a new setup workflow to assist with initial configuration
DEPRECATION NOTICE: This app has been deprecated. The replacement Splunk 6 compatible version can be found with Splunk for Cisco Security Suite. Please refer to that app.
Support for this content
This app is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.
This app can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and other Cisco Security Suite apps and add-ons to provide a single-pane-of-glass interface and out-of-the-box reports on Cisco IronPort Web Security Appliance data and other Cisco technology data.