Splunk and Cisco Use Cases

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Splunk, a Cisco company, empowers organizations to turn data into action through industry-leading observability and security solutions. As part of Cisco, we are uniquely positioned to deliver end-to-end visibility across hybrid environments, enabling businesses to thrive in an increasingly connected world. Together, Splunk and Cisco are redefining the future of data-driven innovation, combining Splunk’s expertise in data analytics with Cisco’s leadership in networking and security. This collaboration ensures our customers can seamlessly navigate their digital transformation journeys, unlocking new opportunities and driving meaningful outcomes. This page links you to step-by-step guidance on use cases you can achieve with this combination of software and for practical advice on getting Cisco data into Splunk products.

Splunk + Cisco for Security	Splunk + Cisco for Observability
Reducing PAN and Cisco security firewall logs with Splunk Edge Processor Integrating Cisco Secure Network Analytics with Enterprise Security and RBA Monitoring Cisco switches, routers, WLAN controllers and access points	Managing Cisco IOS devices Monitoring Cisco network devices using gRPC Sending Splunk Observability Cloud alerts to a Webex space

Getting Data In

Source	Add-ons and Apps	Guidance
Cisco IOS IOS is Cisco’s network operating system that runs mainly on their switches and routers. The IOS log data contains information about the operational state of the device and the network functions served by the device. This data is used for troubleshooting the operations of Cisco devices running IOS. It can be used to confirm configuration settings that influence the functionality the device is expected to deliver. Examples include mismatched duplex settings, up and down state of ports, routing, and operating conditions, such as temperature and power.	Splunk platform Cisco Networks Add-on for Splunk Enterprise	In the Common Information Model, Cisco IOS can be mapped to any of the following data models, depending on the field: Network Traffic and Change. Configuration Reducing PAN and Cisco security firewall logs with Splunk Edge Processor Use Cases Managing Cisco IOS devices
Adaptive Security Appliance Cisco Adaptive Security Appliance (ASA) logs combine firewall, antivirus, intrusion prevention, and virtual private network (VPN) data. The logs provides data for the following devices and solutions: firewall, antivirus, antispam, intrusion detection, intrusion prevention, VPN devices, SSL devices, and content inspection. They provide information about proactive threat defense efforts that stop attacks before they spread through networks, both large and small. Cisco ASA software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. This includes multi-site and multi-node clustering, high availability, context awareness, dynamic routing and site-to-site VPN, and unified communications.	Splunk platform Splunk Add-on for Cisco ASA	Configuration Splunk Add-on for Cisco ASA Optimize Cisco ASA data with Splunk's Data Management Pipeline Builders Use Cases Using federated search for Amazon S3 (FS-S3) to filter, enrich, and retrieve data from Amazon S3 Reducing PAN and Cisco security firewall logs with Splunk Edge Processor Reducing Cisco ASA data volumes with Edge Processor and Ingest Processor
Email Security Appliance (ESA)	Splunk platform Splunk Add-on for Cisco ESA Splunk SOAR Cisco ESA	Configuration Splunk Add-on for Cisco ESA
FireAMP	Splunk SOAR FireAMP
Firepower	Splunk platform Cisco Secure Firewall App for Splunk Cisco Secure eStreamer Client Add-On for Splunk Splunk SOAR Cisco Firepower	Use Cases Reducing PAN and Cisco security firewall logs with Splunk Edge Processor
Identity Services Engine Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. You can use the Splunk platform to analyze Cisco ISE syslog data directly or use it as a contextual data source to correlate with other communication and authentication data.	Splunk platform Splunk Add-on for Cisco Identity Services Splunk SOAR Cisco ISE	In the Common Information Model, Cisco Identity Services data can be mapped to any of the following data models, depending on the field: Alerts, Authentication, Change, Endpoint, Network Traffic. Configuration Splunk Add-on for Cisco ISE Use Cases Processing DMCA notices
Meraki	Splunk platform Splunk Add-on for Cisco Meraki	Configuration Splunk Add-on for Cisco Meraki Use Cases Monitoring and logging MQTT topic messages using Eclipse Mosquitto
Networking hardware	Splunk platform Cisco Networks Add-on for Splunk Enterprise	Use Cases Monitoring Cisco switches, routers, WLAN controllers and access points Monitoring Cisco network devices using gRPC
Umbrella Investigate Cisco Umbrella Investigate provides internet-wide visibility of attacker's infrastructure, predictive intelligence to identify malicious domains, IPs, and ASNs, and all the real-time and historical domain information you need in a single source. With the Splunk Add-on for Cisco Umbrella Investigate, you can automatically enrich security events inside Splunk with Cisco’s intelligence on domains, IPs, and networks across the internet.	Splunk platform Cisco Umbrella Investigate Add-on Splunk SOAR Cisco Umbrella Investigate Cisco Umbrella	By leveraging Investigate’s threat intelligence from within Splunk Enterprise Security, you can gain more context about a domain, IP, or ASN related to the event, allowing you to make faster, more informed decisions when responding to critical incidents and researching potential threats. Configuration Umbrella Investigate Add-On for Splunk Use Cases Enriching suspicious email domains with Splunk SOAR
Unified Computing System	Splunk platform Splunk Add-on for Cisco UCS	Configuration Splunk Add-on for Cisco UCS
Webex	Splunk SOAR Cisco Webex	Use Cases Sending Splunk Observability Cloud alerts to a Webex space
Web Security Appliance	Splunk platform Splunk Add-on for Cisco WSA	Configuration Splunk Add-on for Cisco WSA

Source

Add-ons and Apps

Guidance

Cisco IOS

IOS is Cisco’s network operating system that runs mainly on their switches and routers. The IOS log data contains information about the operational state of the device and the network functions served by the device.

This data is used for troubleshooting the operations of Cisco devices running IOS. It can be used to confirm configuration settings that influence the functionality the device is expected to deliver. Examples include mismatched duplex settings, up and down state of ports, routing, and operating conditions, such as temperature and power.

Splunk platform

Cisco Networks Add-on for Splunk Enterprise

In the Common Information Model, Cisco IOS can be mapped to any of the following data models, depending on the field: Network Traffic and Change.

Configuration

Reducing PAN and Cisco security firewall logs with Splunk Edge Processor

Use Cases

Managing Cisco IOS devices

Adaptive Security Appliance

Cisco Adaptive Security Appliance (ASA) logs combine firewall, antivirus, intrusion prevention, and virtual private network (VPN) data. The logs provides data for the following devices and solutions: firewall, antivirus, antispam, intrusion detection, intrusion prevention, VPN devices, SSL devices, and content inspection. They provide information about proactive threat defense efforts that stop attacks before they spread through networks, both large and small. Cisco ASA software also integrates with other critical security technologies to deliver comprehensive solutions that meet continuously evolving security needs. This includes multi-site and multi-node clustering, high availability, context awareness, dynamic routing and site-to-site VPN, and unified communications.

Splunk platform

Splunk Add-on for Cisco ASA

Configuration

Use Cases

Email Security Appliance (ESA)

Splunk platform

Splunk Add-on for Cisco ESA

Splunk SOAR

Cisco ESA

Configuration

Splunk Add-on for Cisco ESA

FireAMP

Splunk SOAR

FireAMP

Firepower

Splunk platform

Splunk SOAR

Cisco Firepower

Use Cases

Reducing PAN and Cisco security firewall logs with Splunk Edge Processor

Identity Services Engine

Cisco Identity Services Engine (ISE) is a security policy management and control platform. It automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. You can use the Splunk platform to analyze Cisco ISE syslog data directly or use it as a contextual data source to correlate with other communication and authentication data.

Splunk platform

Splunk Add-on for Cisco Identity Services

Splunk SOAR

Cisco ISE

In the Common Information Model, Cisco Identity Services data can be mapped to any of the following data models, depending on the field: Alerts, Authentication, Change, Endpoint, Network Traffic.

Configuration

Splunk Add-on for Cisco ISE

Use Cases

Processing DMCA notices

Meraki

Splunk platform

Splunk Add-on for Cisco Meraki

Configuration

Splunk Add-on for Cisco Meraki

Use Cases

Monitoring and logging MQTT topic messages using Eclipse Mosquitto

Networking hardware

Splunk platform

Cisco Networks Add-on for Splunk Enterprise

Use Cases

Umbrella Investigate

Cisco Umbrella Investigate provides internet-wide visibility of attacker's infrastructure, predictive intelligence to identify malicious domains, IPs, and ASNs, and all the real-time and historical domain information you need in a single source. With the Splunk Add-on for Cisco Umbrella Investigate, you can automatically enrich security events inside Splunk with Cisco’s intelligence on domains, IPs, and networks across the internet.

Splunk platform

Cisco Umbrella Investigate Add-on

Splunk SOAR

By leveraging Investigate’s threat intelligence from within Splunk Enterprise Security, you can gain more context about a domain, IP, or ASN related to the event, allowing you to make faster, more informed decisions when responding to critical incidents and researching potential threats.

Configuration