All Apps and Add-ons

Mapping tags to Event Types via Splunk Add-on Builder

manasbellani
Explorer

I am trying to map data to Vulnerabilities CIM model that I have collected via a python input in a new TA that I am building via the Splunk add-on builder app.

According to the CIM modelling documentation, I should map the tags of Vulnerabilities CIM Model - report, vulnerability- to the event type. Is there a way to do this within the splunk add-on builder via the UI, so I could package it for the end-user of the TA within the TA itself?

In the Map to Data Model tab of the Splunk Add-On Builder, I can only see the ability to create Event Types but not map tags to the event type.

Thanks in advance!

0 Karma
1 Solution

manasbellani
Explorer

So, I seem to have figured this out.

When mapping to a data model in the Splunk TA Builder, the tags for CIM data model are automatically assigned to the event types that I define. So in this case, report and vulnerability were assigned to the event types that I had to define for the data.

Also, if I had to, I could separately create more tags within the new Add-on by going to Tags option within the Splunk Web UI settings, selecting my add-on in the List tags by name and creating a new tag for the app. This creates the tag within the add-on itself.

View solution in original post

0 Karma

manasbellani
Explorer

So, I seem to have figured this out.

When mapping to a data model in the Splunk TA Builder, the tags for CIM data model are automatically assigned to the event types that I define. So in this case, report and vulnerability were assigned to the event types that I had to define for the data.

Also, if I had to, I could separately create more tags within the new Add-on by going to Tags option within the Splunk Web UI settings, selecting my add-on in the List tags by name and creating a new tag for the app. This creates the tag within the add-on itself.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...