I have onboarded activity logs from an azure subcription to splunk using Azure monitor addon for splunk, https://splunkbase.splunk.com/app/3534/#/details , and the logs are parsed into below sourcetypes,
Is there a CIM model for these sourcetypes? If not, how should CIM compliance be validated?
Take a look at these apps:
This APP is not CIM compliant. You need to ask the creator, or associate yourself with CIM.