Firepower eStreamer to Splunk in 10 minutes
- Published 14 Jun 2024
- Firepower Management Center (FMC) eStreamer integration with Splunk.
- Firepower v7.2.5
- Splunk Enterprise 9.2
- eStreamer on Ubuntu LTS 22
Two manual tasks are the main highlights, both needed to support legacy modules:
1. libssl module deployment (URL in comments)
2. Additional "-legacy" switch in openssl cert generation
eStreamer main reference (this guide is somewhat dated; remember to add the few extra steps shared in the video to complete the splencore.sh check) -> www.cisco.com/c/en/us/td/docs/security/firepower/70/api/eNcore/eNcore_Operations_Guide_v08.html
Libssl module -> security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.13_amd64.deb
Openssl ubuntu repo -> security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/
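
The "-legacy" switch from highlight 2, as an added example that is not taken from the video or from Cisco's scripts: a shell helper that splits the PKCS#12 bundle exported from the FMC into a key and a certificate, adding `-legacy` only when the local OpenSSL is 3.x (as on Ubuntu 22). The file names, the `PKCS12_PASS` variable and the assumption that "cert generation" means this key/cert extraction are mine.

```shell
#!/bin/sh
# Added example. Names and PKCS12_PASS are assumptions, not from the video.

# Returns 0 when an `openssl version` string reports OpenSSL 3.x or later,
# where legacy PKCS#12 algorithms are only readable with -legacy.
# LibreSSL and OpenSSL 1.x return non-zero: they do not accept the switch.
needs_legacy() {
    nl_major=$(printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9]*\)\..*/\1/p')
    [ -n "$nl_major" ] && [ "$nl_major" -ge 3 ]
}

# Print the openssl argument list for one extraction step.
#   $1 = key | cert   $2 = input bundle   $3 = output file
#   $4 = `openssl version` string
pkcs12_args() {
    pa_args="pkcs12 -in $2 -passin env:PKCS12_PASS -out $3"
    case "$1" in
        key)  pa_args="$pa_args -nocerts -nodes" ;;
        cert) pa_args="$pa_args -clcerts -nokeys" ;;
        *)    echo "unknown mode: $1" >&2; return 2 ;;
    esac
    if needs_legacy "$4"; then pa_args="$pa_args -legacy"; fi
    printf '%s\n' "$pa_args"
}

# Extract <prefix>.key and <prefix>.cert from the bundle.
# The password is read from the environment so it stays off the command line.
# Paths must not contain spaces (the argument list is word-split on purpose).
extract_bundle() {
    eb_ver=$(openssl version) || return 1
    (
        umask 077   # the unencrypted private key must not be group/world-readable
        # shellcheck disable=SC2046
        openssl $(pkcs12_args key  "$1" "$2.key"  "$eb_ver") &&
        openssl $(pkcs12_args cert "$1" "$2.cert" "$eb_ver")
    )
}

# Usage: PKCS12_PASS='...' sh split_pkcs12.sh client.pkcs12 estreamer
if [ "$#" -ge 2 ]; then
    extract_bundle "$1" "$2"
fi
```
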