
Incorrect documentation for Cisco FTD\estreamer #2584

Open
harv-qq opened this issue Sep 18, 2024 · 0 comments
harv-qq commented Sep 18, 2024


The archived app https://splunkbase.splunk.com/app/1629/ only contains props for a source of [source::eStreamer], so this will not do anything for data ingested. It is also archived.

Should this be updated to https://splunkbase.splunk.com/app/7404, as even the non-archived eStreamer app states:

"*Updates July 15th, 2024
The current Cisco Secure Firewall app is going EOL, limited support will be provided for the current implementation, please use the latest app, the Cisco Security Cloud -- https://splunkbase.splunk.com/app/7404

The Cisco Security Cloud -- https://splunkbase.splunk.com/app/7404 -- provides eStreamer SDK integration which will provide fully qualified event support for IDS, Malware, Connection and IDS Packet data."

Both of these apps do have props for sourcetype [cisco:firepower:syslog], so that will do something with the parsed ingest from sc4s (not tested).

Can you review and, if needed, correct the documentation so we know what to use without an investigation?
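An added check, not code from this issue, the SC4S project, or either Splunkbase app: it reads a Splunk props.conf and reports whether any stanza keys on a given sourcetype (what sc4s sets) rather than only on a source name. The two props fragments are constructed to model the situation the issue describes and are not the real apps' contents.

```python
import re

# Constructed fragment modelling an app whose parsing is keyed only on the
# source name, so events arriving with a different source are never touched.
PROPS_SOURCE_ONLY = r"""
[source::eStreamer]
SHOULD_LINEMERGE = false
TRANSFORMS-estreamer = estreamer_fields
"""

# Constructed fragment modelling an app that also keys on the sourcetype
# that sc4s assigns to Firepower syslog.
PROPS_WITH_SOURCETYPE = r"""
[source::eStreamer]
SHOULD_LINEMERGE = false

[cisco:firepower:syslog]
SHOULD_LINEMERGE = false
EXTRACT-sid = sid=(?<sid>\d+)
"""

# A stanza header is a bracketed name on its own line.
STANZA_RE = re.compile(r"^\[(?P<name>[^\]]+)\][ \t]*$", re.MULTILINE)


def stanza_kinds(props_text):
    """Map each stanza name to what it keys on.

    Names with a '::' prefix (source::, host::, rule::, delayedrule::) key on
    that attribute; any other name is a sourcetype stanza. Splunk allows
    wildcards and regex in source::/host:: names; this check only classifies
    them and does not evaluate those patterns.
    """
    kinds = {}
    for match in STANZA_RE.finditer(props_text):
        name = match.group("name").strip()
        if "::" in name:
            prefix = name.split("::", 1)[0]
            kinds[name] = prefix if prefix in ("source", "host", "rule", "delayedrule") else "other"
        else:
            kinds[name] = "sourcetype"
    return kinds


def applies_to_sourcetype(props_text, sourcetype):
    """True if props_text has a stanza keyed on exactly this sourcetype."""
    return any(kind == "sourcetype" and name == sourcetype
               for name, kind in stanza_kinds(props_text).items())
```

Run `applies_to_sourcetype(open("props.conf").read(), "cisco:firepower:syslog")` against an unpacked app to see whether sc4s-ingested events would hit any of its parsing rules.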

@cwadhwani-splunk cwadhwani-splunk self-assigned this Sep 18, 2024