Splunk Enterprise Security

Splunk Add-on for Microsoft Active Directory: Is this add-on compliant with Common Information Model (CIM)?

guarisma
Contributor

Splunkbase says Splunk Add-on for Microsoft Active Directory is complaint with CIM VERSIONS 4.0, 3.0 ( https://splunkbase.splunk.com/app/3207/ ), but I cannot find the documentation like other Splunk built Add-ons about what Data sets from the Common Information Model (CIM) Data Model matches each of the sourcetypes

Does anyone know?

This are the sourcetypes included in the Splunk Add-on for Microsoft Active Directory

MSAD:NT6:Health
MSAD:NT6:SiteInfo
MSAD:NT6:Replication
MSAD:NT6:Netlogon
MSAD:SubnetAffinity

I'm looking for sources that can be ingested by Splunk Enterprise Security

1 Solution

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

After verifying with the development team, the Splunk Add-on for Microsoft Active Directory is not CIM compliant. Cim compliance has now been removed from the add-on's Splunkbase page to reflect this information.

View solution in original post

mglauser_splunk
Splunk Employee
Splunk Employee

Hello,

After verifying with the development team, the Splunk Add-on for Microsoft Active Directory is not CIM compliant. Cim compliance has now been removed from the add-on's Splunkbase page to reflect this information.

guarisma
Contributor

Is there a replacement for this Add-on?

0 Karma

niemesrw
Path Finder

Hi guarisma - you can see what's CIM compatible by looking at the tags.conf and probably eventtypes.conf files in the TA - usually eventtypes have been tagged with CIM-compatible tags as a sort-of best practice. If something has a tag that matches a CIM tag then that's where you're going to see it map into the CIM.

At first glance, I don't see any tags in the TA, so I don't believe any work has been done to that TA.

0 Karma
Get Updates on the Splunk Community!

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...

Security Highlights | January 2023 Newsletter

January 2023 Splunk Security Essentials (SSE) 3.7.0 ReleaseThe free Splunk Security Essentials (SSE) 3.7.0 app ...