Changelog for Cisco Secure Access App for Splunk

v1.0.55

  • Added the Secure Access Alerts dashboard.
  • Updated the DLP dashboard. The DLP dashboard gets the Secure Access DLP data using the Secure Access API instead of reading the logs from the S3 bucket.

v1.0.53

  • Updated the display name of the app to Cisco Secure Access App for Splunk.
  • Added support for multiple Cisco Secure Access organizations.

v1.0.50

  • Added the API Usage dashboard.
  • On the main menu in the app, added a tab that links directly to the Cisco Cloud Security Add-On for Splunk.

v1.0.48

  • Removed the requirement of restarting Splunk after upgrading the app.
  • Added the search option on the Private Resources panel.
  • Updated the Cloudlock sourcetype from Cloudock: Incidents to cisco:cloud_security:cloudlock.
  • Fixed various software bugs in the app.

v1.0.46

  • Added Remote Access Virtual Private Network (RAVPN), Zero Trust Access (ZTA), and Private Resources dashboards in the app.
  • Added Monitor and Access tabs in the app.
    • When the Cisco Secure Access or Umbrella API settings are not configured, the Access tab is not available.
  • Added the index for the Private Resources events.

v1.0.41

  • Integrated the Secure Access APIs with the app.
    • You can set up the app with Cisco Secure Access or Cisco Umbrella.
  • Added a new data loss prevention (DLP) dashboard with Cisco Cloudlock to the app.
    • The DLP dashboard is the only high-level dashboard where you configure the log data in Application Settings. Otherwise, configure the log data for the Cloud Security modules in the add-on. For more information, see Cloud Security for Splunk Add-On.
  • Updated the configuration of the Destination Lists settings to get all destination lists in the organization.
  • Updated the App Discovery dashboard.
    • You can select and update the label of an application in the app.
  • Updated the configuration of the Investigate module.
    • The Investigate API can use the same API key credentials and OAuth 2.0 client credentials flow as any of the Secure Access or Umbrella APIs.
    • The Cloudlock module requires specific API configuration settings.
  • Added the option to export detailed destination reports with Investigate.
  • Updated the app to create reports with Investigate for each destination type.
  • Updated the app's internal libraries.
  • Addressed known bugs in the app.

v1.0.39

  • Added the App Discovery (CASB) dashboard.
  • Updated the data included on the dashboards in the app.
    • The app creates the dashboards seamlessly from your data using the Umbrella and Cloudlock APIs.
    • The app extends the dashboards with granular data that is collected on Splunk.
  • Updated the configuration of the Log Index Settings to include the dlp (Data Loss Prevention) logs.
  • Updated alert actions: Investigate Destinations, Block Destinations, and Destination Reports.

v1.0.30

  • Investigate module
    • Added Investigate scheduled report.
    • Added classification and categorization.
    • Removed deprecated items.
  • Splunk account—Map a request to a Splunk user account.
  • Dashboard panels—Only show configured log sources.
  • Destination lists—Provided option to add a comment while blocking a destination.
  • Fixed security vulnerabilities and upgraded library.