Hi All,
I would like to know about the process to update the CIM. I am currently getting the following errors:
Splunk_SA_CIM version 4.11.0 is lower than required 4.9.1
Could someone guide me through the process or any links?
TIA
I guess the reason is due to internal splunk check but Zero padding missing.
The logic is done using SplunkEnterpriseSecuritySuite/bin/configuration_checks/confcheck_es_app_version.py
It compares the list of files from SplunkEnterpriseSecuritySuite/install/installable_apps.txt
and a pre-requesite set of JSON file.
SplunkEnterpriseSecuritySuite-4.x.x
file. You can either manipulate this file (after taking a copy)
or ensure that you have an Enterprise SEcurity you can upgrade to, which has the minimum check of Splunk_SA_CIM
version of 4.10.x or something. Enterprise Security 4.7.6 works perfectly fine with CIM 4.10.0