Splunk Enterprise Security

Splunk ES and CIM compatibility

spectrum2035
Explorer

Hello,

We would like to use the latest CIM version (4.13.0) in order to use the Endpoint datamodel which is not available in the earlier CIM version.

Our Splunk ES is on 5.1.0 with CIM (4.11.0).

If I upgrade CIM without upgrading the Splunk ES, will that be an issue?

0 Karma
1 Solution

amitm05
Builder

I think your CIM compatibility has to be with Splunk Versions which needs to be 7.2 OR 7.1 for CIM 4.13.

And then your ES App also has to be compatible with Splunk Versions which in your case is -
5.1 (ES) which goes with 7.1 OR 7.2.

So, your CIM and ES App would be compatible to each other.
You can refer the compatible versions of CIM, ES App and Splunk from here -
https://splunkbase.splunk.com/app/263/

Please accept as answer if this responds to your query, Thanks.

View solution in original post

amitm05
Builder

I think your CIM compatibility has to be with Splunk Versions which needs to be 7.2 OR 7.1 for CIM 4.13.

And then your ES App also has to be compatible with Splunk Versions which in your case is -
5.1 (ES) which goes with 7.1 OR 7.2.

So, your CIM and ES App would be compatible to each other.
You can refer the compatible versions of CIM, ES App and Splunk from here -
https://splunkbase.splunk.com/app/263/

Please accept as answer if this responds to your query, Thanks.

View solution in original post

spectrum2035
Explorer

Thanks amitm05

0 Karma