Splunk Enterprise Security

Enterprise Security: where is the CIM compatibility breakdown per sourcetype for Splunk_TA_symantec-ep?

danielbb
Motivator

Looking at Splunk_TA_symantec-ep and I wonder where the documentation for the sourcetypes, which are CIM compliant, is.

0 Karma
1 Solution

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Here you go https://docs.splunk.com/Documentation/AddOns/released/SymantecEP/Sourcetypes , that has each source type mapped with CIM datamodels.

View solution in original post

harsmarvania57
SplunkTrust
SplunkTrust

Hi,

Here you go https://docs.splunk.com/Documentation/AddOns/released/SymantecEP/Sourcetypes , that has each source type mapped with CIM datamodels.

Get Updates on the Splunk Community!

Routing Data to Different Splunk Indexes in the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

Getting Started with AIOps: Event Correlation Basics and Alert Storm Detection in ...

Getting Started with AIOps:Event Correlation Basics and Alert Storm Detection in Splunk IT Service ...

Register to Attend BSides SPL 2022 - It's all Happening October 18!

Join like-minded individuals for technical sessions on everything Splunk!  This is a community-led and run ...