Archive

Is the Add-on for Checkpoint OPSEC LEA CIM Compliant?

Splunk Employee
Splunk Employee

Is this add-on CIM compliant and will updates be required to work with the ES app?

0 Karma
1 Solution

Splunk Employee
Splunk Employee

Hi, it is CIM compliant.

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

Hi, it is CIM compliant.

View solution in original post

0 Karma

New Member

I downvoted this post because this add-on may have been cim compliant in 2014, but it's a different story now...

0 Karma

Splunk Employee
Splunk Employee

Note that there are two sourcetypes supported - both "opsec" which is what the LEA input documents as the standard sourcetype for incoming LEA data, and "checkpoint" and if you look at the props.conf provided in the app you can see that both are CIM compliant.

0 Karma