Recently I needed to look into multiple vendors for PCI Compliance, and all the big players want in excess of £50k (RRP) for an appliance to handle all the logs, as the PCI Compliance requirements are quite demanding if you do these checks manually.

There are many SIEM solutions available; however, I was impressed with the free offering from Splunk, which can be used to centralize security data from multiple Cisco solutions.

A SIEM is a Security Information and Event Monitoring tool; it's just a software solution for sorting information that is able to identify and react to events.

Splunk has an extensive application library, which has been developed by customers and Splunk engineers.

They seem to be staying current, as they have support for Cisco ASA SourceFire, which hasn't long been released.

Below you can see a dashboard overview of Splunk for Cisco Security:

[Image: Splunk1]

You can go even deeper to find a breakdown of the traffic:

[Image: Splunk2]

Here you can see a Firewall Event Search, from which you can bring up all the information for a given event.

[Image: Splunk3]

You can also search for usernames or IP addresses across multiple Cisco devices to find all the information in one place:

[Image: splunk4]

Here you can find the Cisco Security Suite, which you can install into your Splunk installation:

https://apps.splunk.com/app/525/

Splunk video on PCI Compliance and how Splunk meets the requirements (worth a watch).

If you happen to have a team of developers as I do then it shouldn’t be too much work to customize for your system/setup.
