Splunk Enterprise 6.2 with Cisco Security Suite v1

Architecture: Security
Location: APJ, EMEAR, GC, US East, US West
Date: August 2015

Splunk and Cisco have collaborated to deliver out-of-the-box visibility across Cisco-centric security environments using ASA/PIX/FWSM firewalls, Identity Services Engine (ISE), pxGrid, FirePOWER IDS, Advanced Malware Protection (AMP), Web Security Appliance (WSA) and Email Security Appliance (ESA). The scenarios in this solution illustrate how the Cisco Splunk Security Suite delivers unified visibility across Cisco devices to help:

  • Protect you before an attack happens
  • Enable you to respond quickly during an attack
  • Enable you to perform a rapid forensics investigation after an attack

Splunk Enterprise 6.2 with Cisco Security Suite v1 provides a consolidated view of your organizational posture across the entire Cisco security environment, with the ability to drill down into specific areas, including:

  • Email security, using the ESA.
  • Web security, which categorizes web traffic coming from the proxy using the WSA.
  • Network security, which presents data from Cisco ASA/PIX, Next Generation Firewall with FirePOWER IPS, and new detection data.
  • Identity services, which present user and device information from the ISE policy management platform.

Ranges of alert trigger thresholds can be set to queue events, drawing on data from multiple security routes and sources. With this solution, Cisco AMP data can be combined with device information from ISE to identify infected devices and classify events.

Scenarios

  • Scenario 1: Dashboard Overview
  • Scenario 2: Service Impact Analysis

Components

  • Splunk Enterprise 6.2
