This page explains how to send runtime application security events from Cisco Secure Application to Splunk products. These events cover Log4j and other remote code execution (RCE) attacks, server-side request forgery (SSRF) attacks, and other application security attacks.

You can use this integration with Splunk Enterprise Security (primary use case), Splunk Enterprise, or Splunk Cloud.

  1. Install the Cisco Splunk Add-on for AppDynamics on Splunk Cloud or Splunk Enterprise.
  2. Install the Cisco Secure Application content pack on Splunk Enterprise Security.
  3. Configure Cisco Secure Application to send attack alerts to Splunk. 
    To set up this integration, follow the steps in Create an HTTP Alert.

    This integration sends alerts related to attacks only. It doesn't send alerts related to vulnerabilities or business risks. Alerts must be of type HTTP, not email.