Thanks For Downloading!
Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:
Unix/Linux: Decompress the downloaded file using a tool like
The Splunk for Cisco IronPort Web Security Appliance app is a collection of inputs, field extractions, and other search-time knowledge that is used to drive reporting and search for data collected from Cisco IronPort Web Security appliances. The app includes out of the box reports to provide visibility into blocked sites by category or Client IP, number of events per host, actions by host over time, and other security relevant events.
This app can be used standalone, or it can be installed with the Cisco Security Suite umbrella app and other Cisco Security Suite apps and add-ons to provide a single pane of glass interface and get out of box reports on Cisco IronPort Web Security Appliance data and other Cisco technology data.
Important note: This app, under its new name, Splunk for IronPort Web Security Appliance, replaces the older and very popular Cisco IronPort Web Security Application and contains all of the functionality of its predecessor plus the enhancements listed in the release notes below.
Additional information and download for Cisco Security Suite can be found on Splunkbase. The other Cisco Security Suite apps and add-ons include:
Installation and configuration instructions for this app can be found in the README file within the downloaded package.
Versions and Release Notes
Version 2.0 (current version - updated Jan 25, 2013)
Reports and dashboards have been removed from the plug-in and placed in the Cisco Security Suite. Please download the Cisco Security Suite for the search head components.
Does 4.3 Compatibility include all strains? 4.3.3?
reviewed 10 Aug '12, 15:31
accept rate: 0%