
Incorrect documentation for Cisco FTD\estreamer

Open harv-qq opened this issue 5 months ago • 0 comments


The archived app https://splunkbase.splunk.com/app/1629/ only contains props for a source of [source::eStreamer], so this will not do anything for data ingested. It is also archived.

Should this be updated to https://splunkbase.splunk.com/app/7404, as even the non-archived eStreamer app states:

"*Updates July 15th, 2024 The current Cisco Secure Firewall app is going EOL, limited support will be provided for the current implementation, please use the latest app, the Cisco Security Cloud -- https://splunkbase.splunk.com/app/7404

The Cisco Security Cloud -- https://splunkbase.splunk.com/app/7404 -- provides eStreamer SDK integration which will provide fully qualified event support for IDS, Malware, Connection and IDS Packet data."

Both of these apps do have props for sourcetype [cisco:firepower:syslog], so that will do something with the parsed ingest from sc4s (not tested).

Can you review and, if needed, correct the documentation so we know what to use without an investigation?

harv-qq, Sep 18 '24 08:09
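The point the issue turns on is how Splunk selects props.conf stanzas: a `[source::...]` stanza is keyed on the event's source, a `[host::...]` stanza on its host, and a bare stanza name on its sourcetype. An app whose only stanza is `[source::eStreamer]` therefore does nothing for events that sc4s delivers with sourcetype `cisco:firepower:syslog` and some other source. The script below is an added illustration, not code from the splunk-connect-for-syslog project or from either Splunkbase app: it parses a props.conf-style text and reports which stanzas would apply to an event. The two props.conf fragments, the `sc4s` source value, and the `EXTRACT-msg` regex are constructed for the example; wildcard matching is approximated with `fnmatch`, which is a simplification of Splunk's real stanza matching.

```python
"""Report which props.conf stanzas would apply to an event with a given
source / sourcetype. Added illustration for the issue above; the props.conf
samples are constructed, not copied from any Splunkbase app."""
import fnmatch
from typing import Dict, List

# Constructed sample: an app that keys only on source::eStreamer (the situation
# the issue describes for the archived app).
SAMPLE_PROPS_SOURCE_ONLY = """
# only applies when the event's source is literally "eStreamer"
[source::eStreamer]
SHOULD_LINEMERGE = false
KV_MODE = none
"""

# Constructed sample: an app that keys on the sourcetype sc4s assigns to
# Firepower/FTD syslog. The EXTRACT regex is invented for the example.
SAMPLE_PROPS_SOURCETYPE = """
[cisco:firepower:syslog]
SHOULD_LINEMERGE = false
EXTRACT-msg = ^%FTD-(?<severity>\\d)-(?<event_id>\\d+):
"""


def parse_props(text: str) -> Dict[str, Dict[str, str]]:
    """Parse props.conf-style text into {stanza: {key: value}}.

    Handles comments and blank lines; continuation lines are not supported
    (simplification for the example)."""
    stanzas: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas[current] = {}
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def stanza_matches(stanza: str, source: str, sourcetype: str, host: str = "") -> bool:
    """Decide whether one stanza applies to an event.

    Splunk keys props stanzas three ways: [source::pattern], [host::pattern],
    or a bare sourcetype name. Assumption: wildcards are approximated by
    treating '*' and '...' as "any characters" via fnmatch; Splunk's own
    matching has further rules (e.g. regex-style stanzas) this ignores."""
    if stanza.startswith("source::"):
        pattern = stanza[len("source::"):].replace("...", "*")
        return fnmatch.fnmatchcase(source, pattern)
    if stanza.startswith("host::"):
        pattern = stanza[len("host::"):].replace("...", "*")
        return fnmatch.fnmatchcase(host, pattern)
    return stanza == sourcetype


def applicable_stanzas(props_text: str, source: str, sourcetype: str, host: str = "") -> List[str]:
    """Return the stanza names in props_text that would apply to the event."""
    return [s for s in parse_props(props_text) if stanza_matches(s, source, sourcetype, host)]


if __name__ == "__main__":
    # Assumed shape of an sc4s-delivered event: source is not "eStreamer",
    # sourcetype is what sc4s assigns to Firepower/FTD syslog.
    src, st = "sc4s", "cisco:firepower:syslog"
    for name, text in (("source-only app", SAMPLE_PROPS_SOURCE_ONLY),
                       ("sourcetype app", SAMPLE_PROPS_SOURCETYPE)):
        print(name, "->", applicable_stanzas(text, src, st) or "no stanza applies")
```

Run against a real app's `default/props.conf` (read the file and pass its text) with the source and sourcetype you see in Splunk for sc4s events; an empty result for the sourcetype you expect is the quickest way to confirm an app will not parse that feed before relying on it.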