Splunk Integration: Send Events Directly from Management Center

Cisco Splunk is a Security Information and Event Management (SIEM) tool. Sending security events from Cisco Secure Firewall devices to Splunk gives you centralized visibility into, and monitoring of, those events.

Firewall Management Center versions earlier than 10.0 send security events to Splunk through eStreamer. From Firewall Management Center version 10.0, you can send events directly to a Splunk server as syslog messages, configured from the Firewall Management Center web interface. A wizard-driven workflow guides you through the Splunk integration setup.

With this integration, you can:

  • Customize the event flow by choosing which event types to send (connection, intrusion, malware, file, user activity, correlation, discovery, and intrusion packet) and the source of each (Firewall Management Center or a Firewall Threat Defense device), to match your monitoring requirements.

  • Select the source interface from which syslog events are sent: the Firewall Management Center's management interface, or a Firewall Threat Defense device's management or data interface.

  • Create profiles with various configurations to suit different monitoring requirements.
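Once a profile is active, the first thing a practitioner wants to verify is that the events selected in the profile actually reach the collector from the device you expect, and nothing else does. The following is an added example (not Cisco's code and not part of this page): it parses a few constructed syslog lines in the RFC 3164 style that Firewall Threat Defense emits (`<PRI>TIMESTAMP HOST %FTD-SEV-MSGID: key: value, ...`), tallies them by sending host and event type, and flags senders that are not in the profile. The hostnames, the expected-sender table, and the message-ID-to-event-type mapping are assumptions for illustration; check the mapping against the syslog message reference for your Firewall Threat Defense release before relying on it.

```python
"""Sanity-check the event flow received from a Firewall Management Center /
Firewall Threat Defense syslog profile. Added example; not Cisco code."""
import re
from collections import Counter

# Assumed: the devices your Splunk profile is configured to send from.
# Hostnames are hypothetical.
EXPECTED_SENDERS = {
    "fmc-01": "Firewall Management Center",
    "ftd-01": "Firewall Threat Defense",
}

# Assumed mapping of FTD syslog message IDs to the event types selectable in
# the wizard. Verify against the syslog message reference for your release.
MESSAGE_ID_TO_EVENT_TYPE = {
    "430001": "intrusion",
    "430002": "connection",   # connection start
    "430003": "connection",   # connection end
    "430004": "file",
    "430005": "malware",
}

# RFC 3164-style line: <PRI>Mmm dd hh:mm:ss HOST %FTD-SEV-MSGID: body
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"%(?P<product>[A-Z]+)-(?P<sev>\d)-(?P<msgid>\d+): "
    r"(?P<body>.*)$"
)

# Constructed sample lines; not captured from a real deployment.
SAMPLE_LINES = [
    "<134>Mar 12 10:15:01 ftd-01 %FTD-6-430003: AccessControlRuleAction: Allow, "
    "SrcIP: 10.0.0.5, DstIP: 93.184.216.34, DstPort: 443, Protocol: tcp",
    "<134>Mar 12 10:15:02 ftd-01 %FTD-6-430002: AccessControlRuleAction: Block, "
    "SrcIP: 10.0.0.9, DstIP: 10.0.1.7, DstPort: 445, Protocol: tcp",
    "<131>Mar 12 10:15:03 ftd-01 %FTD-3-430001: Priority: 1, GID: 1, SID: 2100001, "
    "Classification: Attempted Administrator Privilege Gain",
    "<134>Mar 12 10:15:04 ftd-01 %FTD-6-430004: FileName: invoice.pdf, "
    "SHA256: 0000000000000000000000000000000000000000000000000000000000000000",
    # A host that is not in the profile: should be flagged, not silently counted.
    "<134>Mar 12 10:15:05 ftd-99 %FTD-6-430003: AccessControlRuleAction: Allow, "
    "SrcIP: 10.0.0.5, DstIP: 10.0.0.6, DstPort: 22, Protocol: tcp",
    "this line is not syslog at all",
]


def parse_line(line):
    """Return a dict of the decoded fields, or None if the line is not an
    FTD-style syslog message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    # PRI = facility * 8 + severity (RFC 3164, section 4.1.1).
    fields = {}
    for part in m.group("body").split(", "):
        key, sep, value = part.partition(": ")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "host": m.group("host"),
        "msgid": m.group("msgid"),
        "event_type": MESSAGE_ID_TO_EVENT_TYPE.get(m.group("msgid"), "unknown"),
        "fields": fields,
    }


def summarize(lines):
    """Tally parsed events by (sender, event type) and report senders that are
    not part of the configured profile, plus the count of unparsable lines."""
    by_sender_and_type = Counter()
    unexpected = []
    unparsed = 0
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed += 1
            continue
        by_sender_and_type[(ev["host"], ev["event_type"])] += 1
        if ev["host"] not in EXPECTED_SENDERS and ev["host"] not in unexpected:
            unexpected.append(ev["host"])
    return {
        "by_sender_and_type": by_sender_and_type,
        "unexpected_senders": unexpected,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_LINES)
    for (host, etype), n in sorted(result["by_sender_and_type"].items()):
        print(f"{host:8s} {etype:12s} {n}")
    print("unexpected senders:", result["unexpected_senders"])
    print("unparsed lines:", result["unparsed"])
```

In a live check you would feed the collector's received lines (for example, a Splunk search export or the syslog server's spool) into `summarize` instead of `SAMPLE_LINES`. An event type you selected in the profile that never appears, or a sender outside `EXPECTED_SENDERS`, points to a profile or interface selection that does not match what you intended.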

Note

Although this topic describes integration with Splunk, you can use the Splunk Integration wizard to integrate Firewall Management Center with any SIEM that accepts syslog: the wizard sends syslog messages to the external syslog server that you specify.