All Apps and Add-ons

admonEventType="deleted" not tagged with 'change'

simonsigre
Path Finder

I have noted events such as

index=* sourcetype=ActiveDirectory admonEventType="deleted" OR admonEventType="updated"

Does not have an eventtype set that applies the appropriate tags to have it comply with

https://docs.splunk.com/Documentation/CIM/4.11.0/User/ChangeAnalysis

Even though this is flagged as being CIM compliant, would be great if these where added, or, the project Git repo be made available as to allow contributions

simonsigre
Path Finder

@shogan_splunk any updates on the GitHub access?

0 Karma

simonsigre
Path Finder

Thanks @shogan_splunk appreciate the update and look forward to getting access to repo .
Also, props (not a Splunk joke) to forum handle.

0 Karma

shogan_splunk
Splunk Employee
Splunk Employee

Simon,
I am working on a major update, with the main part using the kv store, along with other minor fixes/enhancements. I will split off a minor update to include the missing CIM tags as well as the planned minor fixes and Windows TA v5 + support.
As far as github, I will place it there and update this answer with a link.
Thanks for the feedback,
Steve

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...