Cisco Security Cloud

The Cisco Security Cloud application offers seamless integration for connecting your Cisco devices with Splunk. It features a modular UX input design, built-in health checks, and constant monitoring to ensure operational integrity.

Product(s) Enabled:
Cisco AI Defense
Cisco Duo
Cisco Email Threat Defense (ETD)
Cisco Identity Intelligence (CII)
Cisco Multicloud Defense
Cisco Secure Endpoint
Cisco Secure Firewall (FTD/eStreamer/ASA)
Cisco Secure Malware Analytics (SMA)
Cisco Secure Network Analytics (SNA)
Cisco Vulnerability Intelligence
Cisco XDR (Incident Import & Promote to ES Notable)

The Cisco Security Cloud application offers a seamless integration experience for connecting your Cisco devices with Splunk, providing a rich and uniform interface. The application is equipped with detailed instructions to facilitate every step of the setup process and assists with monitoring to ensure that your data pipelines maintain their operational integrity.

The Cisco Security Cloud app combines the concept of both TA and Splunk App into a single offering to help improve the efficiency and effectiveness of your data analysis within Splunk, providing a more powerful and comprehensive solution for your monitoring and analytics needs.

The present version supports the following core application features:

Baseline Core Application Features
- Performance Monitoring, Resource Utilization and Error Handling
- Data Integrity and Observability
- Modular Application UX Configuration Setup
- Baseline Analytics to showcase product integration and detections

Product(s) Enabled:
Cisco AI Defense
Cisco Duo
Cisco Email Threat Defense (ETD)
Cisco Multicloud Defense
Cisco Secure Endpoint
Cisco Secure Firewall (FTD/eStreamer/ASA)
Cisco Secure Malware Analytics (SMA)
Cisco Secure Network Analytics (SNA)
Cisco XDR (Incident Import & Promote to ES Notable)

The Cisco Security Cloud application offers a seamless integration experience for connecting your Cisco devices with Splunk. The application is equipped with a modular user interface that provides detailed instructions for each Cisco product to help facilitate the setup process. It also features built-in health checks and constant monitoring to ensure data pipelines maintain their operational integrity.

Release Notes

Version 3.2.5
July 2, 2025

v3.2.5 - Contains a hotfix for the ETD integration

Version 3.2.4
June 25, 2025

AI Defense:
End-to-end testing for AI Defense with Enterprise Security, including support for promotion to notables/findings

XDR:
Corrected truncated incident summary issue, fixed issues with promotion to notable events.

Firewall:
Fixed issues with configuration page
Added Configurable additional logging for IDS/Malware events

Version 3.2.3
May 20, 2025

Hot Fix v3.2.3

Fixed and identified performance issues in event-counting logs introduced in 3.2 on the eStreamer integration.

Version 3.2.2
May 20, 2025

v3.2.2 Updates --

Cisco Secure Email Threat Defense
    Mapped all 4xx errors to 429 (daily quota exceeded).
    Updated ETD module; discussed version release.

Cisco Secure Firewall
    Resolved escalation issues, Splunk CIM normalization, and Estreamer Firewall gaps.
    Updated malware tags, "communicate" tag, and data model constraints.

Cisco XDR
    Added user name retrieval from IDs.

CII
    Fixed a failure in Cloud Compliance validation related to CII http/https requests

CVM
    Included MITRE field in CVI Dashboard.

Shell App
    Improved error handling, pagination, and KV Store checks.

Test Automation
    Fixed test issues in resource utilization analytics.

Version 3.2.0
May 7, 2025

Several housekeeping updates are included in this version including:

AI Defense UI aesthetic updates
API rate limiting for ETD and XDR
Duo input form enhancements
CII module updates

Note: v3.2 is currently not compatible with Splunk Cloud, please use v3.1.1 until the new cloud validated version v3.2.1 is available

Version 3.1.1
Feb. 27, 2025

Update v3.1.1

Added Support for AI Defense integration
Added additional telemetry for Firewall eStreamer packet data events
Added additional failsafes for loss of access to the K/V store for bookmarking event streams
Added ability to use proxy inputs for Email Threat Defense
Modified labels in Firewall data to reflect proper naming conventions
Modified CVI filters and dashboard to provide better UX experience
Enhanced CIM mapping for numerous models and product definitions

Version 3.0.1
Jan. 31, 2025

Modified XDR API to support multiple tenant/orgs

Version 3.0.0
Jan. 14, 2025

Added Cisco Identity Intelligence Integration
Added Alerts Dashboard based on product specific CIM Alerting models
Added ASA dashboard
Added dvc/sensor fields to eStreamer feed
Fixed Duplicate events and missing tokens on Cisco Security Cloud Firewall eStreamer client
Added eStreamer input rate limit
CVI general bug updates and enhancements
Bug fixes to SNA and SMA implementations

Version 2.0.1
Oct. 18, 2024

v2.0.1 - Updates

Improvements to user action validation scripts
Corrected issues in ETD Status inputs
Corrected issues with ASA/FTD log normalization
Built in support for RBA alerting to SNA configuration page
Implemented additional support for field extraction in FTD sysLog sources
Enhanced failure reporting when creating/editing SNA Inputs
Failed to create an Input when creating/editing an SNA Input with an invalid Manager Address field
Corrected bugs with data integrity page and feed connectivity
The incident URL pointed to the XDR US tenant event instead of the XDR APJC tenant
Additional Support for SNA Alarm Data
Changed error text shown in Network when the process is killed by signal 9
Enhanced SNA Dashboard, eliminating duplicative metrics
Corrected Errors in the ASA input form

Version 2.0.0
Sept. 30, 2024

This update includes additional security product integrations along with several query optimizations and enhanced CIM modeling to leverage accelerated data models. This is a significant update; removing all older versions and performing a clean re-install is highly recommended.

Two (2) additional products included are as follows:
Email Threat Defense
Secure Network Analytics

Additional Updates include the following:

Corrected Invalid data/query for "WAF Attack Types" graph in Multicloud Defense.
Added Lookups to Secure Firewall queries, introduced new data modeling to enhance performance of the Firewall dashboard.
Corrected process termination (killed by signal 9) Error in Network when trying to save DUO inputs
Changed promote to notable section from Severity to Priority score in XDR configuration page.
Updated Multicloud Defense and XDR logos
Provided enhanced error reporting across all product lines
Added Event types to the Firewall Syslog config

Version 1.2.4
Sept. 4, 2024

v1.2.4

  • Resolved Incident import issues from XDR, including porting over the proper title
  • General bug fixes with the analytics, improved search/query times using accelerated datamodels

Version 1.2.3
Aug. 26, 2024

v1.2.3 - Bug Fixes

Updated notable events from XDR with correct title and owner
Fix Connection errors for eStreamer inputs
Extend BE error handling and logging for eStreamer inputs
Improve query performance on the Firewall dashboard

Version 1.2.2
Aug. 21, 2024

v1.2.2

Fixed an issue with XDR Incident Ingest which was using incorrect titles when promoting XDR events to Splunk Notables in ES

Version 1.2.1
Aug. 16, 2024

Version 1.2.1 - Updates

Modified Index filter search, fixing a bug that limited the result options in the dashboard(s) filters.
Renamed Incorrect label "Incident data" to "Firewall Event Data" on the eStreamer config page.
Modified Firewall Syslog Input to include Host Ip (Optional)
Fixed 'Not Connected' status in Application Setup table for SMA Input
Fixed issue where proxy settings were not applied for SMA/SNA inputs
Added additional error handling to show errors when trying to save two inputs with the same name.
Fixed display issues on Data Integrity Page
Optimized Query Performance

Version 1.2.0
July 30, 2024

v1.2.0 Updates

Added support for Firewall CIM mappings, eStreamer and syslog data
Added initial support for XDR Incident Management
  - Users can now add and promote incidents to ES notables directly from XDR
  - Dashboards to depict XDR incident flow data into Splunk
Resource/Utilization pages updated with additional data sources

Version 1.1.0
July 3, 2024

The Cisco Cloud Security application offers a seamless integration experience for connecting your Cisco devices with Splunk, providing a rich and uniform interface. The application is equipped with detailed instructions to facilitate every step of the setup process and assists with monitoring to ensure that your data pipelines maintain their operational integrity.

The Cisco Cloud Security app combines the concept of both TA and Splunk App into a single offering to help improve the efficiency and effectiveness of your data analysis within Splunk, providing a more powerful monitoring solution

As of July 3rd, 2024, the application has been released as a BETA version and will receive ongoing updates, including new Cisco integrations and feature sets as the current Cisco Splunk integrations approach their end of life (EOL). The present version supports the following core Cisco Integrations:

Cisco Secure Firewall (eStreamer/FTD/ASA), Cisco Multicloud Defense, Security Malware Analytics, Duo.

Version 1.0.0
June 5, 2024

The Cisco Cloud Security application offers a seamless integration experience for connecting your Cisco devices with Splunk, providing a rich and uniform interface. The application is equipped with detailed instructions to facilitate every step of the setup process and assists with monitoring to ensure that your data pipelines maintain their operational integrity.

The Cisco Cloud Security app combines the concept of both TA and Splunk App into a single offering to help improve the efficiency and effectiveness of your data analysis within Splunk, providing a more powerful and comprehensive solution for your monitoring and analytics needs.

As of June 4th, 2024, the application has been released as a BETA version and will receive ongoing updates, including new Cisco integrations and feature sets as the current Cisco Splunk integrations approach their end of life (EOL). The present version supports the following core application features:

Baseline Core Application Features
- Performance Monitoring and Error Handling
- Data Integrity and Observability
- Rich Application UX Configuration

Product(s) Enabled:
Cisco Secure Malware Analytics (SMA)
- SMA Submissions API Integration and Health Monitoring
- Dashboard Overview for SMA Submissions
Cisco Duo
- Duo API Integration and Health Monitoring
- Duo Authentication Anomaly Dashboard and Login Statistics
Cisco Secure Firewall
- Firewall Summary Analytics (requires existing TA - https://splunkbase.splunk.com/app/3662 to be installed)

In the upcoming months, our support will expand to include the following products in this order: Secure Firewall, Multicloud Defense, XDR Incident Management, Secure Network Analytics, Cisco SSE, Secure Endpoint, and XDR Relay Modules. We will also introduce an array of new features, such as all-encompassing alerting capabilities across Cisco applications, consistent enhancements to performance analytics, refined application error management, and enhanced CIM normalization for incoming data streams.

We invite your feedback throughout this BETA phase. Stay tuned for regular updates about the official release status. For feedback and queries, please reach out to [contact information].
