All Apps and Add-ons

Mapping tags to Event Types via Splunk Add-on Builder

manasbellani
Explorer

I am trying to map data to Vulnerabilities CIM model that I have collected via a python input in a new TA that I am building via the Splunk add-on builder app.

According to the CIM modelling documentation, I should map the tags of Vulnerabilities CIM Model - report, vulnerability- to the event type. Is there a way to do this within the splunk add-on builder via the UI, so I could package it for the end-user of the TA within the TA itself?

In the Map to Data Model tab of the Splunk Add-On Builder, I can only see the ability to create Event Types but not map tags to the event type.

Thanks in advance!

0 Karma
1 Solution

manasbellani
Explorer

So, I seem to have figured this out.

When mapping to a data model in the Splunk TA Builder, the tags for CIM data model are automatically assigned to the event types that I define. So in this case, report and vulnerability were assigned to the event types that I had to define for the data.

Also, if I had to, I could separately create more tags within the new Add-on by going to Tags option within the Splunk Web UI settings, selecting my add-on in the List tags by name and creating a new tag for the app. This creates the tag within the add-on itself.

View solution in original post

0 Karma

manasbellani
Explorer

So, I seem to have figured this out.

When mapping to a data model in the Splunk TA Builder, the tags for CIM data model are automatically assigned to the event types that I define. So in this case, report and vulnerability were assigned to the event types that I had to define for the data.

Also, if I had to, I could separately create more tags within the new Add-on by going to Tags option within the Splunk Web UI settings, selecting my add-on in the List tags by name and creating a new tag for the app. This creates the tag within the add-on itself.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...