The Splunk for Cisco IronPort Web Security Appliance app is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco IronPort Web Security appliances. The app includes out of the box reports to provide visibility into blocked sites by category or Client IP, number of events per host, actions by host over time, and other security relevant events.
Reports and dashboards have been removed from the plug-in and placed in the Cisco Security Suite. Please download the Cisco Security Suite for the search head components.
- Updated to provide compatibility with Splunk 4.2
- Updated to include a new setup workflow to assist with initial configuration
This app can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and other Cisco Security Suite apps and add-ons to provide a single pane of glass interface and get out of box reports on Cisco IronPort Web Security Appliance data and other Cisco technology data.
Important note: This app, under its new name, Splunk for IronPort Web Security Appliance, replaces the older and very popular Cisco IronPort Web Security Application and contains all of the functionality of its predecessor plus the enhancements listed in the release notes below.
Additional information and download for Cisco Security Suite can be found on Splunkbase. The other Cisco Security Suite apps and add-ons include:
- Cisco Security Suite
- Splunk for Cisco Client Security Agent (CSA)
- Splunk for Cisco IronPort Email Security Appliance (ESA)
- Splunk for Cisco IronPort Web Security Appliance (WSA)
- Splunk for Cisco Firewalls (PIX, FWSM, ASA)
- Splunk for Cisco IPS
- Splunk for Cisco MARS
Installation and configuration instructions for this app can be found in the README file within the downloaded package.
Support for this content
This app is authored by Splunk but is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.