I am trying to map data to the Vulnerabilities CIM model that I have collected via a Python input in a new TA that I am building via the Splunk Add-on Builder app.
According to the CIM modelling documentation, I should map the tags of the Vulnerabilities CIM model - report, vulnerability - to the event type. Is there a way to do this within the Splunk Add-on Builder via the UI, so I could package it for the end-user of the TA within the TA itself?
In the Map to Data Model tab of the Splunk Add-on Builder, I can only see the ability to create Event Types but not map tags to the event type.
Thanks in advance!
So, I seem to have figured this out.
When mapping to a data model in the Splunk Add-on Builder, the tags for the CIM data model are automatically assigned to the event types that I define. So in this case, report and vulnerability were assigned to the event types that I had to define for the data.
Also, if I had to, I could separately create more tags within the new add-on by going to the Tags option within the Splunk Web UI settings, selecting my add-on in the List tags by name view, and creating a new tag for the app. This creates the tag within the add-on itself.
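A way to confirm before shipping the TA that every event type really carries both tags, as an added example that is not part of the original posts or of the Add-on Builder itself. It assumes the packaged add-on keeps its event types in default/eventtypes.conf and its tags in default/tags.conf; the event type names, sourcetypes and file contents below are constructed for illustration.

```python
import configparser

REQUIRED_TAGS = {"report", "vulnerability"}  # Vulnerabilities CIM tags named in the post

# Constructed sample contents of default/eventtypes.conf and default/tags.conf
EVENTTYPES_CONF = '''
[acme_vuln_findings]
search = sourcetype="acme:vuln"

[acme_vuln_assets]
search = sourcetype="acme:asset"
'''

TAGS_CONF = '''
[eventtype=acme_vuln_findings]
report = enabled
vulnerability = enabled

[eventtype=acme_vuln_assets]
report = enabled
vulnerability = disabled
'''

def _parse(text):
    # Splunk .conf files are INI-like; keep key case and disable % interpolation
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str
    cp.read_string(text)
    return cp

def missing_cim_tags(eventtypes_text, tags_text, required=REQUIRED_TAGS):
    """Return {eventtype: sorted missing tags} for event types lacking enabled tags."""
    eventtypes = _parse(eventtypes_text).sections()
    tags = _parse(tags_text)
    gaps = {}
    for name in eventtypes:
        stanza = f"eventtype={name}"  # tags.conf keys stanzas as field=value
        enabled = set()
        if tags.has_section(stanza):
            enabled = {k for k, v in tags.items(stanza) if v.strip().lower() == "enabled"}
        missing = sorted(required - enabled)
        if missing:
            gaps[name] = missing
    return gaps

if __name__ == "__main__":
    for et, missing in missing_cim_tags(EVENTTYPES_CONF, TAGS_CONF).items():
        print(f"{et}: missing {', '.join(missing)}")
```

An event type reported here would not be picked up by searches against the Vulnerabilities data model, so the check is worth running against the extracted package before distribution.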