All Apps and Add-ons

Graph Security API and Splunk Common Information Model


The document states, "Security alerts ingested through this add-on are mapped to the Splunk Common Information Model", but when I review the events, every event has the same event type - GraphSecurityAlert - and the same 15 tags assigned to each event.

Is there a need to create specific event types with associated tags to ensure this add-on is mapped to the Splunk Common Information Model, or is it OK to go with the defaults?


Get Updates on the Splunk Community!

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...

New Customer Testimonials

Enterprises of all sizes and across different industries are accelerating cloud adoption by migrating ...