All Apps and Add-ons

What versions of these 2 apps are compatible: Splunk Common Information Model (CIM) add-on and the Cisco eStreamer eNcore Add-on for Splunk?

att35
Builder

Hi,

We recently upgraded to the latest eStreamer eNcore app from Cisco ( https://splunkbase.splunk.com/app/3662) and are also using the new dashboard for the same ( https://splunkbase.splunk.com/app/3663), although neither of them list any CIM versions under the compatibility section.

And the only Add-on for eStreamer which does lists CIM compatibility is https://splunkbase.splunk.com/app/1808 ( Built by Splunk, not Cisco).

Is this still the correct add-on to be used for adding CIM compatibility to sourcefire data pulled by eStreamer eNcore app?

Thanks,

~Abhi
to make eStreamer data CIM Compatible?

sastrach
Path Finder

Please use the Splunk Add-on for Cisco FireSIGHT - 1808.

Please note that at present Splunk Add-on for Cisco FireSIGHT searches for “cisco:sourcefire” events, therefore you will need to apply some kind of renaming or adjust the sourcetype values so they match.

For example navigate to Settings > Fields > Sourcetype renaming and change from sourcetype="cisco:estreamer:data" to sourcetype="cisco:sourcefire”

0 Karma

smitra_splunk
Splunk Employee
Splunk Employee

After re-casting of sourcetype, will field extractions match up between the field names as presented by the encore eStreamer AddOn and the old Cisco FireSIGHT , or, is it expected to redo field aliasing between fields from new eStreamer AddOn and old Cisco FireSIGHT ?

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...