Skip to main content
 
Splunk Lantern

Cisco

 

Cisco Systems, Inc. is a networking company best known as a manufacturer and vendor of networking equipment. The company also provides software and offers related services. Over its history, Cisco has focused on Internet Protocol based networking technologies, routing and switching products and technology for home networking, IP telephony, optical networking, security, storage area networking, and wireless technology.

Before looking at documentation for specific data sources, review the Splunk Docs information on general data ingestion: 

Getting data in

For AppDynamics, powered by the Cisco FSO platform, see AppDynamics.

Source Add-ons and Apps Guidance
Cisco IOS

Splunk platform

Cisco IOS is an instance of network device log data. IOS is Cisco’s network operating system that runs mainly on their switches and routers. The IOS log data contains information about the operational state of the device and the network functions served by the device.

This data is used for troubleshooting the operations of Cisco devices running IOS. It can be used to confirm configuration settings that influence the functionality the device is expected to deliver. Examples include mismatched duplex settings, up and down state of ports, routing, and operating conditions, such as temperature and power. In the Common Information Model, Cisco IOS can be mapped to any of the following data models, depending on the field: Network Traffic and Change.

Use Cases

Adaptive Security Appliance

Splunk platform

Cisco Adaptive Security Appliance (ASA) logs combine firewall, antivirus, intrusion prevention, and virtual private network (VPN) data. The logs provides data for the following devices and solutions: firewall, antivirus, antispam, intrusion detection, intrusion prevention, VPN devices, SSL devices, and content inspection. They provide information about proactive threat defense efforts that stop attacks before they spread through networks, both large and small. Cisco ASA software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. This includes multi-site and multi-node clustering, high availability, context awareness, dynamic routing and site-to-site VPN, and unified communications.

Configuration

Email Security Appliance

Splunk platform

Splunk SOAR

Configuration

FireAMP

Splunk SOAR

 
FireSIGHT

Splunk platform

Configuration

Firepower

Splunk platform

Splunk SOAR

 
Identity Services Engine

Splunk platform

Splunk SOAR

Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. You can use the Splunk platform to analyze Cisco ISE syslog data directly or use it as a contextual data source to correlate with other communication and authentication data. In the Common Information Model, Cisco Identity Services data can be mapped to any of the following data models, depending on the field: Alerts, Authentication, Change, Endpoint, Network Traffic.

Configuration

Use Cases

Meraki

Splunk platform

Configuration

Umbrella Investigate

Splunk platform

Splunk SOAR

Cisco Umbrella Investigate provides internet-wide visibility of attacker's infrastructure, predictive intelligence to identify malicious domains, IPs, and ASNs, and all the real-time and historical domain information you need in a single source. With the Splunk Add-on for Cisco Umbrella Investigate, you can automatically enrich security events inside Splunk with Cisco’s intelligence on domains, IPs, and networks across the internet. By leveraging Investigate’s threat intelligence from within Splunk Enterprise Security, you can gain more context about a domain, IP, or ASN related to the event, allowing you to make faster, more informed decisions when responding to critical incidents and researching potential threats.

Configuration

Use Cases

Unified Computing System

Splunk platform

Configuration

Webex

Splunk SOAR

 
Web Security Appliance

Splunk platform

Configuration