Cisco IPS Logs - SDEE

LogInsight is gradually overtaking our SIEM tool due to its incredible accessibility and performance - thank you, everyone, for building such an awesomely easy-to-use product.

Unfortunately, one of the key metrics we'd like to be able to report on is IPS/IDS logs generated from our Cisco ASAs (we have many, many ASAs), and at the moment the IPS logs are firing into a bit of Splunk code that converts them for Splunk ingestion. Fortunately, it also conveniently stores this as text output, which the LI agent is able to ingest 🙂

At some point, however, this cross-over starts to look ugly, and we'd be keen to ingest these events directly into LogInsight, either directly or with some kind of "glue" appliance.

I appreciate that this is a big ask, and there are much more popular features to develop, but it's probably one worth keeping on the roadmap as LI gains popularity.

Voting

2 votes
Idea No. 562