Splunk Enterprise Security

Trend Micro officescan and deepsecurity sourcetypes are not populating in Malware data model

Communicator

Mainly, I have three sourcetypes:
sourcetype=Officescan (workstation logs: signature update, malware, etc.)
sourcetype=deepsecurity (servers, malware logs)
sourcetype=trendmicro (Trend Micro Control Center logs)

I can see sourcetype=trendmicro with tag=malware, but I can't see the others although they also have tag=malware.

Secondly, how can I make the app CIM compliant?


Re: Trend Micro officescan and deepsecurity sourcetypes are not populating in Malware data model

Communicator

In continuation of the above, I installed the TA_officescan TA on the search head and on ES.
On the search head I can see the proper field extraction and tag association, whereas in ES I can't see field extraction nor tag association.
Am I missing something?


Re: Trend Micro officescan and deepsecurity sourcetypes are not populating in Malware data model

Communicator

Answering myself:

The naming convention for Splunk apps to appear in Splunk ES.

Reference URL: https://docs.splunk.com/Documentation/ES/4.1.0/Install/InstallTechnologyAdd-ons#Import_add-ons_with_...


Re: Trend Micro officescan and deepsecurity sourcetypes are not populating in Malware data model
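As an added example (not from the thread or from any Trend Micro add-on), the shell snippet below covers the two things the answer above leaves implicit: a check of whether an add-on directory name matches the pattern Splunk ES uses when importing apps (the regex is my reading of the default import filter and is an assumption), and the eventtypes.conf/tags.conf stanzas that attach the CIM `malware` and `attack` tags so the two missing sourcetypes can land in the Malware data model. The `TA-trendmicro` directory and the eventtype names are illustrative.

```shell
#!/bin/sh
# Added example: ES app-import name check plus CIM Malware tagging stanzas.
# Sourcetype names come from the thread; everything else is illustrative.

# Assumed default ES import filter: only apps whose directory names match
# these prefixes are imported. Note the hyphen in TA-*, not an underscore.
ES_IMPORT_RE='^(SA-.*|TA-.*|DA-ESS-.*|Splunk_SA_.*|Splunk_TA_.*|Splunk_DA-ESS_.*)$'

# es_will_import NAME -> exit 0 if ES would import an app with this name.
es_will_import() {
    printf '%s\n' "$1" | grep -Eq "$ES_IMPORT_RE"
}

# write_malware_tags APPDIR -> writes default/eventtypes.conf and
# default/tags.conf so both sourcetypes carry tag=malware and tag=attack,
# which is what the CIM Malware_Attacks dataset keys on.
write_malware_tags() {
    mkdir -p "$1/default"
    cat > "$1/default/eventtypes.conf" <<'EOF'
# Officescan also carries signature-update logs; narrow this search to the
# detection events in your data before relying on it.
[officescan_malware]
search = sourcetype=Officescan

[deepsecurity_malware]
search = sourcetype=deepsecurity
EOF
    cat > "$1/default/tags.conf" <<'EOF'
[eventtype=officescan_malware]
malware = enabled
attack = enabled

[eventtype=deepsecurity_malware]
malware = enabled
attack = enabled
EOF
}

main() {
    # The name from the thread (TA_officescan) vs. the hyphenated form.
    for app in TA_officescan TA-officescan; do
        if es_will_import "$app"; then
            echo "$app: would be imported by ES"
        else
            echo "$app: would NOT be imported by ES"
        fi
    done
    write_malware_tags "${1:-./TA-trendmicro}"
}
main "$@"
```

After installing a correctly named TA, `| datamodel Malware Malware_Attacks search` on the ES search head is the quickest way to confirm the events now arrive.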

Path Finder

Hi Rashid, which TA did you use for officescan?