Splunk for Cisco IronPort Web Security Appliance

Thanks For Downloading!

Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:

Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.

Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.

The Splunk for Cisco IronPort Web Security Appliance app is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco IronPort Web Security appliances. The app includes out of the box reports to provide visibility into blocked sites by category or Client IP, number of events per host, actions by host over time, and other security relevant events.

This app can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and other Cisco Security Suite apps and add-ons to provide a single pane of glass interface and get out of box reports on Cisco IronPort Web Security Appliance data and other Cisco technology data.

Important note: This app, under its new name, Splunk for IronPort Web Security Appliance, replaces the older and very popular Cisco IronPort Web Security Application and contains all of the functionality of its predecessor plus the enhancements listed in the release notes below.

Additional information and download for Cisco Security Suite can be found on Splunkbase. The other Cisco Security Suite apps and add-ons include:

• Cisco Security Suite
• Splunk for Cisco Client Security Agent (CSA)
• Splunk for Cisco IronPort Email Security Appliance (ESA)
• Splunk for Cisco IronPort Web Security Appliance (WSA)
• Splunk for Cisco Firewalls (PIX, FWSM, ASA)
• Splunk for Cisco IPS
• Splunk for Cisco MARS

Installation and configuration instructions for this app can be found in the README file within the downloaded package.