Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
544
Views
0
Helpful
1
Replies

Stealthwatch Customer Community - SIEM Integration

philipmein
Beginner
Beginner

‎05-31-2022 06:47 AM

What is the best method for getting security events and analytics into an external SIEM (Splunk)?

 

Thank you

Philip

0 Helpful
1 Reply 1

Philipp Tannich
Cisco Employee
Cisco Employee

‎08-09-2022 01:17 AM

Hey @philipmein,

This depends what kind of data you want to have in your SIEM.

You can decide to just collect your flows with SNA and then forward the raw logs to your SIEM.
Or, you let SNA do all the magic it can do, you fine tune your use cases and then forward the security events to your SIEM.

Anyway, the best thing is to do this by syslog and, as you're using Splunk, make sure to also install the Cisco Secure Analytics (maybe it's also called Stealthwatch) App to get some nice visuals in Splunk, too!

How you can send it to your SIEM you should find in the documentation. Search for the "System Configuration Guide", here is a sample for v7.3.1 https://www.cisco.com/c/dam/en/us/td/docs/security/stealthwatch/system_installation_configuration/SW_7_3_2_System_Configuration_Guide_DV_1_1.pdf

Hope this helps, cheers, another Philipp

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents