Cisco Security Suite 3.0.2 now includes Cisco IronPort Email Security Appliance (ESA) Data

Security Jason Conger

The Cisco Security Suite app continues to get updated for Splunk 6.x. The latest addition is support to Cisco IronPort Email Security Appliance (ESA). A new add-on has been published that provides Common Information Model compliant field extractions and tags for data from Cisco ESA. So now, the Cisco Security Suite supports:

Also, with each release, we incorporate more feedback about documentation. So, in addition to documentation found within the Cisco Security Suite app itself, a subset of “getting started” documentation has been published under the Documentation tab on http://apps.splunk.com/app/525/.

Stay tuned, there is more to come…

Related Articles

Detecting Password Spraying Attacks: Threat Research Release May 2021
Security
5 Minute Read

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team walks you through a new analytic story to help SOC analysts detect adversaries executing password spraying attacks, and highlights a few detections from the May 2021 releases.
Between Two Alerts: Easy VPN Security Monitoring with Splunk Enterprise Security
Security
3 Minute Read

Between Two Alerts: Easy VPN Security Monitoring with Splunk Enterprise Security

It’s a whole new world we’re living in, at least for now. This little tutorial will help you stay on top of your security game while in the world of Enterprise Security.
Measuring Hunting Success with PEAK
Security
5 Minute Read

Measuring Hunting Success with PEAK

Splunker David Bianco explains how an effective threat hunting program is one of the best ways to drive positive change across an organization’s entire security posture.