All Apps and Add-ons

Is the Add-on for Checkpoint OPSEC LEA CIM Compliant?

jklumpp_splunk
Splunk Employee
Splunk Employee

Is this add-on CIM compliant and will updates be required to work with the ES app?

0 Karma
1 Solution

jcoates_splunk
Splunk Employee
Splunk Employee

Hi, it is CIM compliant.

View solution in original post

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi, it is CIM compliant.

0 Karma

bobdeschutter
New Member

I downvoted this post because this add-on may have been cim compliant in 2014, but it's a different story now...

0 Karma

jbrodsky_splunk
Splunk Employee
Splunk Employee

Note that there are two sourcetypes supported - both "opsec" which is what the LEA input documents as the standard sourcetype for incoming LEA data, and "checkpoint" and if you look at the props.conf provided in the app you can see that both are CIM compliant.

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...