Cisco

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Cisco Systems, Inc. is a networking company best known as a manufacturer and vendor of networking equipment. The company also provides software and offers related services. Over its history, Cisco has focused on Internet Protocol based networking technologies, routing and switching products and technology for home networking, IP telephony, optical networking, security, storage area networking, and wireless technology.

Splunk is now officially a part of Cisco. This means our customers will begin to see the benefits of the power of our technologies coming together to not only solve many of their most complex challenges, but also enable tremendous opportunities. Cisco — supercharged by Splunk — will bring the full power of the network together with market-leading security and observability solutions.

Getting data in

For Splunk AppDynamics, formerly Cisco AppDynamics, see the AppDynamics page.

Source	Add-ons and Apps	Guidance
Cisco IOS	Splunk platform Cisco Networks Add-on for Splunk Enterprise	Cisco IOS is an instance of network device log data. IOS is Cisco’s network operating system that runs mainly on their switches and routers. The IOS log data contains information about the operational state of the device and the network functions served by the device. This data is used for troubleshooting the operations of Cisco devices running IOS. It can be used to confirm configuration settings that influence the functionality the device is expected to deliver. Examples include mismatched duplex settings, up and down state of ports, routing, and operating conditions, such as temperature and power. In the Common Information Model, Cisco IOS can be mapped to any of the following data models, depending on the field: Network Traffic and Change. Use Cases Managing Cisco IOS devices
Adaptive Security Appliance	Splunk platform Splunk Add-on for Cisco ASA	Cisco Adaptive Security Appliance (ASA) logs combine firewall, antivirus, intrusion prevention, and virtual private network (VPN) data. The logs provides data for the following devices and solutions: firewall, antivirus, antispam, intrusion detection, intrusion prevention, VPN devices, SSL devices, and content inspection. They provide information about proactive threat defense efforts that stop attacks before they spread through networks, both large and small. Cisco ASA software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. This includes multi-site and multi-node clustering, high availability, context awareness, dynamic routing and site-to-site VPN, and unified communications. Configuration Splunk Add-on for Cisco ASA Using federated search for Amazon S3 (FS-S3) to filter, enrich, and retrieve data from Amazon S3
Email Security Appliance	Splunk platform Splunk Add-on for Cisco ESA Splunk SOAR Cisco ESA	Configuration Splunk Add-on for Cisco ESA
FireAMP	Splunk SOAR FireAMP
FireSIGHT	Splunk platform Splunk Add-on for Cisco FireSIGHT	Configuration Splunk Add-on for Cisco FireSIGHT
Firepower	Splunk platform Cisco Secure Firewall App for Splunk Cisco Secure eStreamer Client Add-On for Splunk Splunk SOAR Cisco Firepower
Identity Services Engine	Splunk platform Splunk Add-on for Cisco Identity Services Splunk SOAR Cisco ISE	Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. You can use the Splunk platform to analyze Cisco ISE syslog data directly or use it as a contextual data source to correlate with other communication and authentication data. In the Common Information Model, Cisco Identity Services data can be mapped to any of the following data models, depending on the field: Alerts, Authentication, Change, Endpoint, Network Traffic. Configuration Splunk Add-on for Cisco ISE Use Cases Processing DMCA notices
Meraki	Splunk platform Splunk Add-on for Cisco Meraki	Configuration Splunk Add-on for Cisco Meraki Use Cases Monitoring and logging MQTT topic messages using Eclipse Mosquitto
Cisco switches and routers, WLAN controllers and access points	Splunk platform Cisco Networks Add-on for Splunk Enterprise	Use Cases Monitoring Cisco switches, routers, WLAN controllers and access points
Umbrella Investigate	Splunk platform Cisco Umbrella Investigate Add-on Splunk SOAR Cisco Umbrella Investigate Cisco Umbrella	Cisco Umbrella Investigate provides internet-wide visibility of attacker's infrastructure, predictive intelligence to identify malicious domains, IPs, and ASNs, and all the real-time and historical domain information you need in a single source. With the Splunk Add-on for Cisco Umbrella Investigate, you can automatically enrich security events inside Splunk with Cisco’s intelligence on domains, IPs, and networks across the internet. By leveraging Investigate’s threat intelligence from within Splunk Enterprise Security, you can gain more context about a domain, IP, or ASN related to the event, allowing you to make faster, more informed decisions when responding to critical incidents and researching potential threats. Configuration Umbrella Investigate Add-On for Splunk Use Cases Enriching suspicious email domains with Splunk SOAR
Unified Computing System	Splunk platform Splunk Add-on for Cisco UCS	Configuration Splunk Add-on for Cisco UCS
Webex	Splunk SOAR Cisco Webex
Web Security Appliance	Splunk platform Splunk Add-on for Cisco WSA	Configuration Splunk Add-on for Cisco WSA

Source

Add-ons and Apps

Guidance

Cisco IOS

Splunk platform

Cisco Networks Add-on for Splunk Enterprise

Cisco IOS is an instance of network device log data. IOS is Cisco’s network operating system that runs mainly on their switches and routers. The IOS log data contains information about the operational state of the device and the network functions served by the device.

This data is used for troubleshooting the operations of Cisco devices running IOS. It can be used to confirm configuration settings that influence the functionality the device is expected to deliver. Examples include mismatched duplex settings, up and down state of ports, routing, and operating conditions, such as temperature and power. In the Common Information Model, Cisco IOS can be mapped to any of the following data models, depending on the field: Network Traffic and Change.

Use Cases

Managing Cisco IOS devices

Adaptive Security Appliance

Splunk platform

Splunk Add-on for Cisco ASA

Cisco Adaptive Security Appliance (ASA) logs combine firewall, antivirus, intrusion prevention, and virtual private network (VPN) data. The logs provides data for the following devices and solutions: firewall, antivirus, antispam, intrusion detection, intrusion prevention, VPN devices, SSL devices, and content inspection. They provide information about proactive threat defense efforts that stop attacks before they spread through networks, both large and small. Cisco ASA software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. This includes multi-site and multi-node clustering, high availability, context awareness, dynamic routing and site-to-site VPN, and unified communications.

Configuration

Email Security Appliance

Splunk platform

Splunk Add-on for Cisco ESA

Splunk SOAR

Cisco ESA

Configuration

Splunk Add-on for Cisco ESA

FireAMP

Splunk SOAR

FireAMP

FireSIGHT

Splunk platform

Splunk Add-on for Cisco FireSIGHT

Configuration

Splunk Add-on for Cisco FireSIGHT

Firepower

Splunk platform

Splunk SOAR

Cisco Firepower

Identity Services Engine

Splunk platform

Splunk Add-on for Cisco Identity Services

Splunk SOAR

Cisco ISE

Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. You can use the Splunk platform to analyze Cisco ISE syslog data directly or use it as a contextual data source to correlate with other communication and authentication data. In the Common Information Model, Cisco Identity Services data can be mapped to any of the following data models, depending on the field: Alerts, Authentication, Change, Endpoint, Network Traffic.

Configuration

Splunk Add-on for Cisco ISE

Use Cases

Processing DMCA notices

Meraki

Splunk platform

Splunk Add-on for Cisco Meraki

Configuration

Splunk Add-on for Cisco Meraki

Use Cases

Monitoring and logging MQTT topic messages using Eclipse Mosquitto

Cisco switches and routers, WLAN controllers and access points

Splunk platform

Cisco Networks Add-on for Splunk Enterprise

Use Cases

Monitoring Cisco switches, routers, WLAN controllers and access points

Umbrella Investigate

Splunk platform

Cisco Umbrella Investigate Add-on

Splunk SOAR

Cisco Umbrella Investigate provides internet-wide visibility of attacker's infrastructure, predictive intelligence to identify malicious domains, IPs, and ASNs, and all the real-time and historical domain information you need in a single source. With the Splunk Add-on for Cisco Umbrella Investigate, you can automatically enrich security events inside Splunk with Cisco’s intelligence on domains, IPs, and networks across the internet. By leveraging Investigate’s threat intelligence from within Splunk Enterprise Security, you can gain more context about a domain, IP, or ASN related to the event, allowing you to make faster, more informed decisions when responding to critical incidents and researching potential threats.

Configuration