Cisco Cisco Web Security Appliance S670 Installation Guide
1-3
Cisco Web Security Appliance Advanced Reporting Installation, Setup, and User Guide
Chapter 1 Installation and Setup
Install and Configure Splunk
Install and Configure Splunk
These tasks are out of the scope of this document but must be performed in order to use Cisco Web
Security Appliance Advanced Reporting. See Splunk documentation on the Splunk web site for help
performing these tasks.
Security Appliance Advanced Reporting. See Splunk documentation on the Splunk web site for help
performing these tasks.
Notes about Authentication/Authorization
•
Splunk basic authentication
•
AD/LDAP
Task
More Information
Download and install the free Splunk software.
Follow instructions in the Splunk documentation.
www.splunk.com
docs.splunk.com
Login to Splunk using the admin account and change the
password.
password.
docs.splunk.com
Licensing:
1.
Consider the quantity of data to be indexed both during
initial historical data upload and on a daily basis
ongoing.
initial historical data upload and on a daily basis
ongoing.
2.
Acquire and upload a Splunk evaluation license
sufficient for the historical data upload.
sufficient for the historical data upload.
3.
Acquire and upload a Splunk enterprise licence
sufficient for the anticipated data of the applicable
source type to be indexed.
sufficient for the anticipated data of the applicable
source type to be indexed.
4.
Change the licence type from Trial to Evaluation or
Enterprise.
Enterprise.
5.
Edit license pool to ensure that the index is reporting to
the correct pool.
the correct pool.
First, customer may need an evaluation license good for a
large volume of data to handle historical data input. Then,
large volume of data to handle historical data input. Then,
docs.splunk.com
See also:
Set Cisco WSA Advanced Reporting as the default app for
all users/roles.
all users/roles.
docs.splunk.com
(Optional) Enable SSL within Splunk.
docs.splunk.com
(Optional) Prepare associations with AD/LDAP:
1.
Configure Splunk to use AD/LDAP for authentication.
2.
Verify that Splunk can connect to your AD/LDAP
server.
server.
3.
Map Existing AD/LDAP groups to Splunk roles
4.
Add and edit roles within Splunk as needed.
5.
(Optional) Enable SSL on your AD/LDAP server.
docs.splunk.com
(Best practice) Verify Splunk services are set to restart
automatically and test.
automatically and test.
docs.splunk.com