TOC & Recently Viewed

Recently Viewed Topics

Data Comparison

An example of the data shown in Splunk is shown below. The example shown contains search results for a Cisco ASA firewall. The exact search used narrowed the results to sourcetype=syslog, and matched the text string %ASA.

The same type of log information is available in SecurityCenter. When a user logs into SecurityCenter, there can be multiple dashboards available that display pertinent information for that user. It is possible to set a specific collection of dashboards as the default view in SecurityCenter. Examples of dashboards that can be created for events that are collected by the LCE Splunk client are shown below.

The Splunk Events dashboard in the previous example contains a component named NormalizedEvent Types Collected by Splunk. Click beside that component to view all the information available.

The NormalizedEvent Types Collected by Splunk component on the Splunk Events dashboard includes the Cisco ASA Firewall events and all event types in a normalized format that is easy to interpret. There are several views that you can select on the Event Analysis page that can be displayed by selecting Normalized Event Summary. A view similar to that in Splunk can be seen by clicking the Raw Syslog Events link.

It is also possible to filter the Normalized Event Summary along with any other summary view by clicking at the top left of the window. The text string %ASA used in the Splunk search could be typed in the Syslog Text box.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.