Cisco Cisco Web Security Appliance S670 Installation Guide

These tasks are out of the scope of this document but must be performed in order to use Cisco Web 
Security Appliance Advanced Reporting. See Splunk documentation on the Splunk web site for help 
performing these tasks. 

Splunk basic authentication

AD/LDAP

Download and install the free Splunk software.

Follow instructions in the Splunk documentation. 

www.splunk.com

docs.splunk.com 

Login to Splunk using the admin account and change the 
password.

docs.splunk.com

Licensing:

Consider the quantity of data to be indexed both during 
initial historical data upload and on a daily basis 
ongoing.

Acquire and upload a Splunk evaluation license 
sufficient for the historical data upload.

Acquire and upload a Splunk enterprise licence 
sufficient for the anticipated data of the applicable 
source type to be indexed.

Change the licence type from Trial to Evaluation or 
Enterprise.

Edit license pool to ensure that the index is reporting to 
the correct pool.

First, customer may need an evaluation license good for a 
large volume of data to handle historical data input. Then, 

docs.splunk.com

See also: 

Set Cisco WSA Advanced Reporting as the default app for 
all users/roles.

docs.splunk.com

(Optional) Enable SSL within Splunk.

docs.splunk.com

(Optional) Prepare associations with AD/LDAP:

Configure Splunk to use AD/LDAP for authentication.

Verify that Splunk can connect to your AD/LDAP 
server.

Map Existing AD/LDAP groups to Splunk roles

Add and edit roles within Splunk as needed.

(Optional) Enable SSL on your AD/LDAP server.

docs.splunk.com

(Best practice) Verify Splunk services are set to restart 
automatically and test.

docs.splunk.com