I am having a tough time understanding how anyone is getting Cisco Ironport ESA data to map to the CIM for use in things like Enterprise Security. Where I work, I would say that email is the most l...
I haven't been able to find an answer to this in the documentation. Can you add data models to the Splunk Common Information Model (CIM) app? Or do you always have to use one of the default data models?
I am a fan of the OSSEC app, however to make proper use of it in my eyes it needs to be integrated with the Common Information Model.
Has anybody already integrated the OSSEC app with Common Information...
...ultiple indexes linked to it. Shall I actually use the default data model in CIM, e.g. datamodel=Authentication with all the indexes in DMZ, ZoneA and ZoneB, or should I make copies of datamodel? S...
I've got a standalone Splunk 7.0.0 instance with data fed by a forwarder (monitoring /var/log on the forwarder's system). Following http://docs.splunk.com/Documentation/CIM/4.9.1/User/H...
...f I can have some information regarding ES.
When I go into Enterprise security and check the data model web, I get some matches:
Am I doing this the right way?
There are not many videos t...
...oans like make and model of the car.
My problem right now is not knowing what the syntax is to reference two (possibly three) sources using the information found in another source.
Thank you in a...
Can someone tell me what in the Authentication data model distinguishes between login and logout?
http://docs.splunk.com/Documentation/CIM/4.6.0/User/Authentication
I know for sure that I am n...
...plunk built Add-ons about what Data sets from the Common Information Model (CIM) Data Model matches each of the sourcetypes
Does anyone know?
These are the sourcetypes included in the Splunk Add-on f...