Splunk Enterprise Security

Any recommendations for which existing Data Model would be best to match up Qumulo to CIM Compliance?

bill_king
Path Finder

Any recommendations out there which existing Data Model would be best to match up Qumulo (network drive file access, mods, delete, read, and so on) log events to for CIM compliance?  One might think the "Data Access" DM but the fields are not even close; the Endpoint.filesystem DM appears to be my best option.  


Labels (1)
Tags (3)
0 Karma

chaker
Contributor
0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...