All Apps and Add-ons

What versions of these 2 apps are compatible: Splunk Common Information Model (CIM) add-on and the Cisco eStreamer eNcore Add-on for Splunk?

att35
Builder

Hi,

We recently upgraded to the latest eStreamer eNcore app from Cisco ( https://splunkbase.splunk.com/app/3662) and are also using the new dashboard for the same ( https://splunkbase.splunk.com/app/3663), although neither of them list any CIM versions under the compatibility section.

And the only Add-on for eStreamer which does lists CIM compatibility is https://splunkbase.splunk.com/app/1808 ( Built by Splunk, not Cisco).

Is this still the correct add-on to be used for adding CIM compatibility to sourcefire data pulled by eStreamer eNcore app?

Thanks,

~Abhi
to make eStreamer data CIM Compatible?

sastrach
Path Finder

Please use the Splunk Add-on for Cisco FireSIGHT - 1808.

Please note that at present Splunk Add-on for Cisco FireSIGHT searches for “cisco:sourcefire” events, therefore you will need to apply some kind of renaming or adjust the sourcetype values so they match.

For example navigate to Settings > Fields > Sourcetype renaming and change from sourcetype="cisco:estreamer:data" to sourcetype="cisco:sourcefire”

0 Karma

smitra_splunk
Splunk Employee
Splunk Employee

After re-casting of sourcetype, will field extractions match up between the field names as presented by the encore eStreamer AddOn and the old Cisco FireSIGHT , or, is it expected to redo field aliasing between fields from new eStreamer AddOn and old Cisco FireSIGHT ?

0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...