Splunk Integration: Send Events Directly from Cloud-Delivered Firewall Management Center
Cisco Splunk is a Security Information and Event Management (SIEM) tool that provides visibility and monitoring of security events across Cisco Secure Firewall devices.
In Cloud-Delivered Firewall Management Center versions earlier than 10.0, security events were sent to Splunk using eStreamer. From Cloud-Delivered Firewall Management Center version 10.0, you can send events to Splunk directly from the Firewall Threat Defense device. The wizard-driven interface helps you set up the Splunk integration with minimal effort.
This integration allows you to perform the following actions:
- Customize event flow by specifying event types—such as connection, intrusion, malware, file, user activity, correlation, discovery, intrusion packet—and their sources (Firewall Threat Defense device) according to your monitoring requirements.
- Select the source interface for sending syslog events. You can choose to send events from the Firewall Threat Defense device's management or data interfaces.
- Create profiles with various configurations to suit different monitoring requirements.
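The events that reach Splunk through this integration arrive as syslog lines from the Firewall Threat Defense device, and the event types listed above are what you select in the wizard. As an added example (not Cisco documentation or product code), the script below shows what a defender can do with such lines before or after they reach Splunk: parse the FTD syslog header, classify each line into one of the event types named on this page, and filter or count by type to verify that a profile is sending what you expect. The mapping of message IDs 430001-430005 to event types and the sample lines are assumptions made for this example; the device UUIDs, hostnames and addresses in the sample are constructed and not taken from this page.

```python
import re
from collections import Counter

# Assumed mapping of Firewall Threat Defense syslog message IDs to the event
# types selectable in the Splunk integration wizard. IDs outside this table
# are classified as "other".
EVENT_TYPE_BY_MSG_ID = {
    "430001": "intrusion",
    "430002": "connection",   # connection start
    "430003": "connection",   # connection end
    "430004": "file",
    "430005": "malware",
}

# Matches the FTD syslog message header, e.g. "%FTD-6-430003: <fields>".
HEADER_RE = re.compile(r"%FTD-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")


def parse_ftd_syslog(line):
    """Parse one FTD syslog line into a dict; return None for non-FTD lines."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    fields = {}
    # The body is a comma-separated list of "Key: Value" pairs.
    for part in m.group("body").split(", "):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "severity": int(m.group("sev")),
        "msg_id": m.group("msgid"),
        "event_type": EVENT_TYPE_BY_MSG_ID.get(m.group("msgid"), "other"),
        "fields": fields,
    }


def filter_events(lines, wanted_types):
    """Return parsed events whose type is in wanted_types (a set of names)."""
    events = []
    for line in lines:
        ev = parse_ftd_syslog(line)
        if ev and ev["event_type"] in wanted_types:
            events.append(ev)
    return events


def count_by_type(lines):
    """Count parsed FTD events per event type; useful to confirm a profile
    is actually forwarding the types you selected."""
    counts = Counter()
    for line in lines:
        ev = parse_ftd_syslog(line)
        if ev:
            counts[ev["event_type"]] += 1
    return dict(counts)


# Constructed sample lines (not real captures): three FTD events and one
# unrelated syslog line from the same host.
SAMPLE_LINES = [
    "<166>Jan 10 2025 12:00:01 ftd-edge-01 %FTD-6-430003: DeviceUUID: aaaaaaaa-0000-0000-0000-000000000001, "
    "AccessControlRuleAction: Allow, SrcIP: 10.1.1.20, DstIP: 192.0.2.10, SrcPort: 51514, DstPort: 443, Protocol: tcp",
    "<166>Jan 10 2025 12:00:02 ftd-edge-01 %FTD-6-430001: DeviceUUID: aaaaaaaa-0000-0000-0000-000000000001, "
    "SrcIP: 10.1.1.30, DstIP: 192.0.2.10, Priority: High, InlineResult: Blocked",
    "<166>Jan 10 2025 12:00:03 ftd-edge-01 %FTD-6-430005: DeviceUUID: aaaaaaaa-0000-0000-0000-000000000001, "
    "SrcIP: 10.1.1.40, DstIP: 198.51.100.7, FileName: report.pdf, SHA256: PLACEHOLDER_SHA256, Disposition: Malware",
    "<13>Jan 10 2025 12:00:04 ftd-edge-01 sshd[1234]: Accepted publickey for admin from 10.1.1.5",
]

if __name__ == "__main__":
    print(count_by_type(SAMPLE_LINES))
    for ev in filter_events(SAMPLE_LINES, {"intrusion", "malware"}):
        print(ev["event_type"], ev["fields"].get("SrcIP"), ev["fields"].get("DstIP"))
```

Run it against a capture from the syslog source interface you selected in the wizard (management or data) to confirm that the event types you configured are the ones actually arriving; a type that shows zero counts over a period of known traffic points at the profile or interface selection rather than at Splunk.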