Knowledge Management

CIM data model for Azure activity logs in Splunk

bsanjee
Explorer

Hello,

I have onboarded activity logs from an azure subcription to splunk using Azure monitor addon for splunk, https://splunkbase.splunk.com/app/3534/#/details , and the logs are parsed into below sourcetypes,

amal:administrative
amal:serviceHealth
amal:resourceHealth
amal:security
amal:ascRecommendation
amal:ascAlert

Is there a CIM model for these sourcetypes? If not, how should CIM compliance be validated?

0 Karma

ssadh_splunk
Splunk Employee
Splunk Employee
0 Karma

HiroshiSatoh
Champion

This APP is not CIM compliant. You need to ask the creator, or associate yourself with CIM.
Good luck!

0 Karma
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...