Solved: Aside from Squid logs, what other log formats does...

masato_wang · ‎11-20-2014

Aside from Squid logs, what other log formats does Attack Scanner support?

TrendMicro_Splu · ‎11-20-2014

Attack Scanner supports the Web and Proxy data model of Common Information Model (CIM) add-on. If you have created a technology add-on that supports the Web and Proxy data model, you can set this source type through the app’s Settings screen.
Alternatively, take advantage of Splunk’s field alias to create an alias for specific fields. Note, however, that Attack Scanner uses src (traffic source) and dest (traffic destination) by default. To enable support, create another alias for your own source and destination fields.

View solution in original post

TrendMicro_Splu · ‎11-20-2014

Attack Scanner supports the Web and Proxy data model of Common Information Model (CIM) add-on. If you have created a technology add-on that supports the Web and Proxy data model, you can set this source type through the app’s Settings screen.
Alternatively, take advantage of Splunk’s field alias to create an alias for specific fields. Note, however, that Attack Scanner uses src (traffic source) and dest (traffic destination) by default. To enable support, create another alias for your own source and destination fields.

Aside from Squid logs, what other log formats does Attack Scanner support?

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM