Splunk Enterprise Security

Cisco ACI Add-on for Splunk Enterprise: What CIM data model data sets are in compliance for each sourcetype?

guarisma
Contributor

The Cisco ACI Add-on for Splunk Enterprise provides these source types:

cisco:apic:health
cisco:apic:stats
cisco:apic:class
cisco:apic:authentication

and is Common Information Model (CIM) 4.5, 4.4, 4.3, 4.2, and 4.1 compliant.

I would like to know which CIM data sets are compliant for each source type.

I'm working with Splunk Enterprise Security and wish to know what value the Cisco ACI Add-on for Splunk Enterprise can bring to it.

0 Karma
1 Solution

guarisma
Contributor

From: "Nilay Shah -X (nilaysh - MBO PARTNERS INC at Cisco)"
Date: Thursday, January 26, 2017 at 11:32 AM
To: Igor Guarisma
Cc: "aci-splunk-app(mailer list)"
Subject: Re: What CIM Data Model data sets does each source type of the Cisco ACI Add-on compliant?

Hi Igor,

What you mentioned is correct! The sourcetype cisco:apic:authentication is compliant with CIM data models you listed out. All other sourcetypes/data models are custom built but follow the CIM guidelines for field names, field extractions, aliases, etc.

Additionally,

Source type               | Description                                                   | CIM data model(s)
cisco:apic:health         | Health scores of all entities in the fabric                   | Custom
cisco:apic:stats          | Statistical data on packet flows, network communication, etc. | Custom
cisco:apic:class          | Class info such as Tenants, EPGs, BDs, etc.                   | Custom
cisco:apic:authentication | Audit and access logs                                         | Authentication, Network Session

I hope this information helps you decide on using the Cisco ACI add-on with the Enterprise Security app.
Let me know if you have any further questions.

Best Regards,
Nilay Shah.

rpille_splunk
Splunk Employee

Hi Guarisma,

That add-on is provided by Cisco, so they're the ones providing the docs for it. The contact information for questions and support is in the Splunkbase details tab, at the bottom: https://splunkbase.splunk.com/app/1897/#/details

You can also probably infer the model mapping by examining the add-on's tags.conf and eventtypes.conf files and comparing the tags you see there to the CIM documentation.

Hope that helps!

0 Karma
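The tag-inspection approach from the answer above, as an added example that is not part of the original thread or of the Cisco add-on: it parses constructed eventtypes.conf and tags.conf snippets (the stanza names are hypothetical, only the sourcetype names come from the question) and reports which CIM data models each sourcetype's tags satisfy, using a two-model subset of the CIM tag requirements. It only handles tags attached to eventtype stanzas, which is the common add-on pattern.

```python
import configparser
import re

# Constructed sample of the two files an add-on ships. The eventtype stanza
# names are hypothetical; only the sourcetype values come from the thread.
EVENTTYPES_CONF = """
[cisco_apic_auth]
search = sourcetype=cisco:apic:authentication

[cisco_apic_health]
search = sourcetype=cisco:apic:health
"""

TAGS_CONF = """
[eventtype=cisco_apic_auth]
authentication = enabled
network = enabled
session = enabled

[eventtype=cisco_apic_health]
cisco = enabled
"""

# Subset of the CIM documentation: data model -> tags every event must carry.
CIM_TAG_REQUIREMENTS = {
    "Authentication": {"authentication"},
    "Network Sessions": {"network", "session"},
}


def parse_conf(text):
    """Parse Splunk .conf text into {stanza: {key: value}}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep tag names case-sensitive
    cp.read_string(text)
    return {s: dict(cp[s]) for s in cp.sections()}


def infer_cim_models(eventtypes_text, tags_text):
    """Map each sourcetype to the CIM data models its enabled tags satisfy."""
    eventtypes = parse_conf(eventtypes_text)
    tags = parse_conf(tags_text)
    result = {}
    for name, body in eventtypes.items():
        m = re.search(r"sourcetype=(\S+)", body.get("search", ""))
        if not m:
            continue  # eventtype not keyed on a sourcetype; skip it
        stanza = tags.get(f"eventtype={name}", {})
        enabled = {k for k, v in stanza.items() if v == "enabled"}
        models = sorted(dm for dm, req in CIM_TAG_REQUIREMENTS.items() if req <= enabled)
        result[m.group(1)] = models or ["Custom"]  # no CIM model matched
    return result


if __name__ == "__main__":
    for st, models in infer_cim_models(EVENTTYPES_CONF, TAGS_CONF).items():
        print(f"{st}: {', '.join(models)}")
```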