Release notes for the Splunk Add-on for Cisco ISE
Version 5.0.0 of the Splunk Add-on for Cisco ISE was released on November 21, 2024.
About this release
Version 5.0.0 of the Splunk Add-on for Cisco ISE is compatible with the following software, CIM versions, and platforms:
Splunk platform versions | 9.2x, 9.3x |
CIM | 5.3.2 |
Platforms | Platform independent |
Vendor Products | Cisco ISE version 2.0, 2.4, 2.7, 3.0, 3.1, 3.2, 3.3 and 3.4 |
New features
Version 5.0.0 of the Splunk Add-on for Cisco ISE has the following new features.
- Added support for the latest version of Cisco ISE v3.4.
- Added support for IPv6 field extractions.
- Enhanced CIM extractions.
- Added support for CIM v5.3.2.
- Introduced a built-in dashboard to give insights for the add-on:
  - Current add-on version.
  - Total number of Cisco ISE events ingested by Splunk.
  - Time-series graph of the Cisco ISE events ingested in Splunk.
  - Number of events ingested by index, source, and source type.
  - Trends of events, by index.
  - CIM supported events.
- Bug fixes and enhancements for Splunk Connect for Syslog v3.32.1:
  - Added support for logs with multiple timestamps and hosts.
  - Fixed the merging of CISE_Alarm logs.
- The following table describes the data model support added for the respective MESSAGE_CODE.
MESSAGE_CODE | Data Model support added in this release |
---|---|
34165 | Alerts |
Field Changes
Event Format | Message ID | Fields added | Fields removed | Fields modified | Notes |
---|---|---|---|---|---|
All events with user_name field extracted | - | src_user_name | - | - | - |
All events with ipv6 addresses for mentioned message_id | 3000, 3001, 5200, 5205, 5231, 5236, 5400, 5405, 5411, 5417, 5418, 5434, 5435, 5436, 5440, 5441, 5449, 80002, 11015, 11036, 11213, 11215, 11500, 11504, 11507, 11520, 11521, 11522, 11806, 11808, 11810, 11815, 11823, 12110, 12113, 12117, 12300, 12301, 12302, 12304, 12305, 12307, 12310, 12313, 12318, 12321, 12500, 12511, 12521, 12508, 12514, 12516, 12552, 12800, 12801, 12802, 12804, 12805, 12807, 12806, 12810, 12812, 12813, 12811, 12816, 12818, 12852, 12917, 12919, 12930, 12932, 12934, 12935, 12937, 12930, 12933, 12940, 12946, 12948, 12951, 12953 | src_mac | src_ip | src_mac and src_ip extraction is corrected | |
Event with ipv6 value for mentioned message_id | 61025 | src_ip, dest_ip | - | - | - |
All events with src_ip / dest_ip | - | src_host, dest_host | - | - | src_host = src_ip and dest_host = dest_ip when host is not present |
Event with ipv6 value for mentioned message_id | 5231 | - | - | src, src_ip, src_mac | src, src_ip and src_mac extraction is corrected |
Event with ipv6 value for mentioned message_id | 34165 | body, signature_id, app, src, description, signature, reason, dest, id, eventtype, tag, type | - | - | - |
Fixed issues
Version 5.0.0 of the Splunk Add-on for Cisco ISE contains the following fixed issues:
Known issues
Version 5.0.0 of the Splunk Add-on for Cisco ISE contains the following known issues:
Third-party software attributions
Version 5.0.0 of the Splunk Add-on for Cisco ISE does not incorporate any third-party software or libraries.