We are happy to announce the release of new versions of the Cisco Cloud Security Add-on and App for Splunk. The Add-on and App support both Secure Access and Umbrella.
What are They?
Customers who use Secure Access and Splunk can use the-
- Cisco Cloud Security Add-on for Splunk to bring their logged events into Splunk from AWS S3 (from either a customer or a Cisco Managed bucket).
- Cisco Cloud Security App for Splunk to display KPIs, which are presented in multiple dashboard panels, as well as investigate events, (using Investigate), and mitigate risks (using destination lists). The App also provides reports and management features.
What’s new?
Cisco Cloud Security Add-on for Splunk (build 1.0.42)
- Added automatic field extraction using headers. You no longer need to wait for an upgrade every time new fields are added.
- We simplified our entire input configuration. In the past, you had to define each input manually. Now all that is needed is to add the AWS account information once, and then ask for all inputs.
- Added v12 schema log fields.
- Added File Event Logs.
- Updated our CIM, (Common Information Model), for v12.
Cisco Cloud Security App for Splunk (build 1.0.48)
- Removed requirement to restart the Splunk server after upgrade.
- Added search feature to the Private Resources Panel (Applications Tab).
- Updated the Cloudlock sourcetype name.
- Multiple bug fixes.
Where can I get Them?
- You can download both from Splunk's marketplace, known as Splunkbase (links posted above and in our doc links below). The Add-on and App are compatible with both Splunk Cloud and Splunk Enterprise.
- Documentation:
