Cisco Firepower Application for Splunk Quick Look

Splunk is one of the market leaders for SIEM (QRadar and LogRhythm are also very popular options). One thing that Splunk excels at is its application development community, located at splunkbase.splunk.com. There are applications for just about anything, including a ton from Cisco.

One cool app to check out if you are a Cisco Firepower user is the Cisco Firepower app for Splunk. It was designed to focus on the common datasets a SOC would want to monitor. The app strips things down to basic event types such as threats, incidents, and network events. If you find anything interesting within the app, simply click it and the app will cross-launch Cisco Firepower, allowing you to dig further into the event.

Here are some images of the application. It’s pretty simple but effective at quickly reviewing Cisco Firepower event data. You can find out more about the Cisco Firepower app for Splunk at https://splunkbase.splunk.com/app/4388/
