topic Re: Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel in Splunk Enterprise Security https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452453#M6310 <P>Answering to myself:</P> <P>the naming convention for splunk apps to be appear in Splunk ES.</P> <P>Referrence URL: <A href="https://docs.splunk.com/Documentation/ES/4.1.0/Install/InstallTechnologyAdd-ons#Import_add-ons_with_a_different_naming_convention">https://docs.splunk.com/Documentation/ES/4.1.0/Install/InstallTechnologyAdd-ons#Import_add-ons_with_a_different_naming_convention</A></P> Sun, 30 Jun 2019 14:09:06 GMT rashid47010 2019-06-30T14:09:06Z Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452451#M6308 <P>Maily I have three sourcetypes <BR /> sourcetype=Officescan ( workstation logs( signature update, malware etc)<BR /> sourcetype = deepsecurity ( servers, malware logs)<BR /> sourcetype = trendmicro ( TrendMicro Control centre logs)</P> <P>I can see the sourecetype=trendmicro with tag=malware. but other I can't see although they have also tag=malware.</P> <P>secondly how can I made the app CIM compliant.</P> Sun, 30 Jun 2019 08:21:59 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452451#M6308 rashid47010 2019-06-30T08:21:59Z Re: Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452452#M6309 <P>In continuation of above, I install the TA_officescan TA on search head and on ES.<BR /> on search Head I can see the proper field extration and tags assosication. whereas In ES i cant see field extration NOR tag association. <BR /> am i missing something.?</P> Sun, 30 Jun 2019 12:53:50 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452452#M6309 rashid47010 2019-06-30T12:53:50Z Re: Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452453#M6310 <P>Answering to myself:</P> <P>the naming convention for splunk apps to be appear in Splunk ES.</P> <P>Referrence URL: <A href="https://docs.splunk.com/Documentation/ES/4.1.0/Install/InstallTechnologyAdd-ons#Import_add-ons_with_a_different_naming_convention">https://docs.splunk.com/Documentation/ES/4.1.0/Install/InstallTechnologyAdd-ons#Import_add-ons_with_a_different_naming_convention</A></P> Sun, 30 Jun 2019 14:09:06 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452453#M6310 rashid47010 2019-06-30T14:09:06Z Re: Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452454#M6311 <P>HI Rashid, which TA did you use for officescan?</P> Sat, 07 Mar 2020 12:08:53 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Trend-Micro-officescan-and-deepsecurity-sourcetype-as-not/m-p/452454#M6311 amankhan1 2020-03-07T12:08:53Z