Attack Scanner supports the Web and Proxy data model of Common Information Model (CIM) add-on. If you have created a technology add-on that supports the Web and Proxy data model, you can set this source type through the app’s Settings screen.
Alternatively, take advantage of Splunk’s field alias to create an alias for specific fields. Note, however, that Attack Scanner uses src (traffic source) and dest (traffic destination) by default. To enable support, create another alias for your own source and destination fields.
... View more