Splunk Enterprise Security

Splunk Add-on for Microsoft Active Directory: Is this add-on compliant with Common Information Model (CIM)?

guarisma
Contributor

Splunkbase says Splunk Add-on for Microsoft Active Directory is complaint with CIM VERSIONS 4.0, 3.0 ( https://splunkbase.splunk.com/app/3207/ ), but I cannot find the documentation like other Splunk built Add-ons about what Data sets from the Common Information Model (CIM) Data Model matches each of the sourcetypes

Does anyone know?

This are the sourcetypes included in the Splunk Add-on for Microsoft Active Directory

MSAD:NT6:Health
MSAD:NT6:SiteInfo
MSAD:NT6:Replication
MSAD:NT6:Netlogon
MSAD:SubnetAffinity

I'm looking for sources that can be ingested by Splunk Enterprise Security

1 Solution

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

After verifying with the development team, the Splunk Add-on for Microsoft Active Directory is not CIM compliant. Cim compliance has now been removed from the add-on's Splunkbase page to reflect this information.

View solution in original post

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

After verifying with the development team, the Splunk Add-on for Microsoft Active Directory is not CIM compliant. Cim compliance has now been removed from the add-on's Splunkbase page to reflect this information.

guarisma
Contributor

Is there a replacement for this Add-on?

0 Karma

niemesrw
Path Finder

Hi guarisma - you can see what's CIM compatible by looking at the tags.conf and probably eventtypes.conf files in the TA - usually eventtypes have been tagged with CIM-compatible tags as a sort-of best practice. If something has a tag that matches a CIM tag then that's where you're going to see it map into the CIM.

At first glance, I don't see any tags in the TA, so I don't believe any work has been done to that TA.

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...