Customers who use Secure Access/Umbrella and Splunk use the-

1. Cisco Cloud Security Add-on for Splunk to bring their logged events into Splunk from AWS S3 (from either a customer or a Cisco Managed bucket). The Add-on then extracts fields and maps them, so that the data is searchable and actionable.
2. Cisco Cloud Security App for Splunk to display KPIs, which are presented in multiple dashboard panels, as well as investigate events, (using Investigate API), and mitigate risks (using destination lists API). The App also provides reports and bi-directional APIs.

New Features

Cisco Cloud Security Add-on for Splunk (build 1.0.46)

1. Added automatic detection of new log types. If a customer elects to enable this, new Secure Access logs will be detected and added without the need for an upgrade or user intervention.
2. Automatic rotation for S3 credentials when these expire (for Cisco Managed Buckets). Customers can also initiate S3 Key Rotation from our Splunk Add-on at any time:
   
    

   

   
   This minimizes interruptions given the requirement to rotate the keys for a Cisco Managed Bucket every 90 days.
3. Added support for the v13 log format.
4. Updated the default landing page to simplify configuration (no need to add Inputs anymore unless fine tuning is needed).
5. Added a Link to Open/Install the App.

Cisco Cloud Security App for Splunk (build 1.0.50)

1. Added an API Usage Dashboard:
   
    

   

   
   This dashboard gives Splunk Admins the ability to see how Secure Access APIs are being used by their Splunk App and Add-on. For example, they can identify whether they are hitting Investigate API rate limits or making a lot of changes to their Destination Lists and review whether those are intended:
   
    

   

2.  Added a Link to Open/Install the Add-on.

Documentation and Resources 

• Documentation for the Splunk Add-on.
• Documentation for the Splunk App.