https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248017#M1739 <P>Hello,</P> <P>After verifying with the development team, the Splunk Add-on for Microsoft Active Directory is not CIM compliant. Cim compliance has now been removed from the add-on's Splunkbase page to reflect this information.</P> Fri, 20 Jan 2017 18:43:28 GMT mglauser_splunk 2017-01-20T18:43:28Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248015#M1737 <P>Splunkbase says Splunk Add-on for Microsoft Active Directory is complaint with CIM VERSIONS 4.0, 3.0 ( <A href="https://splunkbase.splunk.com/app/3207/">https://splunkbase.splunk.com/app/3207/</A> ), but I cannot find the documentation like other Splunk built Add-ons about what Data sets from the Common Information Model (CIM) Data Model matches each of the sourcetypes</P> <P>Does anyone know?</P> <P>This are the sourcetypes included in the Splunk Add-on for Microsoft Active Directory</P> <PRE><CODE>MSAD:NT6:Health MSAD:NT6:SiteInfo MSAD:NT6:Replication MSAD:NT6:Netlogon MSAD:SubnetAffinity </CODE></PRE> <P>I'm looking for sources that can be ingested by Splunk Enterprise Security</P> Fri, 20 Jan 2017 14:51:40 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248015#M1737 guarisma 2017-01-20T14:51:40Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248016#M1738 <P>Hi guarisma - you can see what's CIM compatible by looking at the tags.conf and probably eventtypes.conf files in the TA - usually eventtypes have been tagged with CIM-compatible tags as a sort-of best practice. If something has a tag that matches a CIM tag then that's where you're going to see it map into the CIM.</P> <P>At first glance, I don't see any tags in the TA, so I don't believe any work has been done to that TA.</P> Fri, 20 Jan 2017 16:46:44 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248016#M1738 niemesrw 2017-01-20T16:46:44Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248017#M1739 <P>Hello,</P> <P>After verifying with the development team, the Splunk Add-on for Microsoft Active Directory is not CIM compliant. Cim compliance has now been removed from the add-on's Splunkbase page to reflect this information.</P> Fri, 20 Jan 2017 18:43:28 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248017#M1739 mglauser_splunk 2017-01-20T18:43:28Z https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248018#M1740 <P>Is there a replacement for this Add-on?</P> Fri, 20 Jan 2017 20:25:18 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Splunk-Add-on-for-Microsoft-Active-Directory-Is-this-add-on/m-p/248018#M1740 guarisma 2017-01-20T20:25:18Z