The Cisco SOC team at Cisco Live Amsterdam 2026 upgraded to Secure Firewall version 10.0 and deployed two new Splunk integrations: a Splunk wizard that simplifies syslog export configuration, and Advanced Logging, which sends Zeek-style granular logs to Splunk. Advanced Logging adds protocol-specific fields for HTTP, FTP, and DNS traffic, enabling richer SIEM visibility. Real-world use cases are shared, including detecting HTTP 500 responses on POST requests to suspicious URIs, monitoring FTP commands for risky behavior, and identifying anomalous DNS query classes like C_CHAOS among millions of expected C_INTERNET queries.
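The three use cases summarised above are essentially filters over per-protocol log records. As an added illustration (not code from the Cisco SOC team or from the Splunk integration), the Python below runs those three detections over a handful of constructed Zeek-style JSON log lines. The field names used (`_path`, `method`, `status_code`, `uri`, `command`, `qclass_name`) follow Zeek's http/ftp/dns logs and are an assumption here, not the documented Advanced Logging schema; the URI markers and FTP command watchlist are likewise constructed placeholders a team would tune to its own environment.

```python
"""Detections over Zeek-style firewall log lines (constructed sample data)."""
import json
from collections import Counter

# Constructed sample log lines in Zeek-style JSON. The field names are an
# assumption modelled on Zeek's http/ftp/dns logs, not the product's own schema.
SAMPLE_LOG_LINES = [
    '{"_path":"http","id.orig_h":"10.1.1.5","method":"GET","uri":"/index.html","status_code":200}',
    '{"_path":"http","id.orig_h":"10.1.1.6","method":"POST","uri":"/wp-content/uploads/x.php","status_code":500}',
    '{"_path":"http","id.orig_h":"10.1.1.7","method":"POST","uri":"/api/login","status_code":500}',
    '{"_path":"http","id.orig_h":"10.1.1.8","method":"POST","uri":"/api/login","status_code":200}',
    '{"_path":"ftp","id.orig_h":"10.1.1.9","command":"USER","arg":"anonymous"}',
    '{"_path":"ftp","id.orig_h":"10.1.1.9","command":"DELE","arg":"backup.tar"}',
    '{"_path":"ftp","id.orig_h":"10.1.1.9","command":"RETR","arg":"report.pdf"}',
    '{"_path":"dns","id.orig_h":"10.1.1.10","query":"example.com","qclass_name":"C_INTERNET"}',
    '{"_path":"dns","id.orig_h":"10.1.1.10","query":"mail.example.com","qclass_name":"C_INTERNET"}',
    '{"_path":"dns","id.orig_h":"10.1.1.11","query":"version.bind","qclass_name":"C_CHAOS"}',
]

# Constructed watchlists; a real deployment would tune these to its own applications.
SUSPICIOUS_URI_MARKERS = (".php", "/admin", "/api/")
RISKY_FTP_COMMANDS = {"DELE", "RMD", "STOR", "SITE"}


def parse_events(lines):
    """Parse JSON log lines, skipping malformed ones rather than aborting the run."""
    events = []
    for line in lines:
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def http_post_server_errors(events, markers=SUSPICIOUS_URI_MARKERS):
    """HTTP POST requests that drew a 500 response to a URI on the watchlist."""
    return [
        e for e in events
        if e.get("_path") == "http"
        and e.get("method") == "POST"
        and e.get("status_code") == 500
        and any(m in e.get("uri", "") for m in markers)
    ]


def risky_ftp_commands(events, risky=RISKY_FTP_COMMANDS):
    """FTP control-channel commands that modify or remove server-side content."""
    return [e for e in events if e.get("_path") == "ftp" and e.get("command") in risky]


def anomalous_dns_qclass(events, expected="C_INTERNET"):
    """Count DNS queries per class; return the counts and the events outside the expected class."""
    dns_events = [e for e in events if e.get("_path") == "dns"]
    counts = Counter(e.get("qclass_name") for e in dns_events)
    anomalies = [e for e in dns_events if e.get("qclass_name") != expected]
    return counts, anomalies


def run_detections(lines):
    """Run all three detections over raw log lines and return the hits keyed by name."""
    events = parse_events(lines)
    counts, dns_anomalies = anomalous_dns_qclass(events)
    return {
        "http_post_500": http_post_server_errors(events),
        "ftp_risky": risky_ftp_commands(events),
        "dns_qclass_counts": dict(counts),
        "dns_anomalies": dns_anomalies,
    }


if __name__ == "__main__":
    for name, hits in run_detections(SAMPLE_LOG_LINES).items():
        print(name, hits)
```

The DNS check deliberately returns the per-class counts alongside the anomalies: in a SIEM the interesting signal is a single C_CHAOS query standing out against a very large C_INTERNET baseline, so the count context is what lets an analyst judge the hit.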
Table of contents
The Splunk Integration Wizard
Configuring Advanced Logging
Advanced Logs in Action
  HTTP
  FTP
  DNS
Additional Configuration Documentation