SecKit_SA_idm_common
The purpose of this Splunk add-on is to provide foundational tools and routines for populating assets and identities in the Enterprise Security and PCI applications for Splunk.
- Minor updates to docs, description and naming for the SplunkWorks approval process
- Add copyright headers to files
App certification fixes
Minor updates including code clean up and additional app certification and cloud issue resolutions
Fixed the is_expected output condition to use proper syntax and resolve a case issue
Moved the release server to Bintray; early builds are now easier to release
Fixed some small annoyances; see the commits here:
https://bitbucket.org/SPLServices/seckit_sa_idm_common/commits/all
Certification Fixes
Bug Fixes
Fixed an ugly bug that prevented assets from being output
- Prevent \n from remaining in the category field
- Clean up errant | characters from identity fields
- Add support for ES 4.2/4.5 multi-value IP and MAC in assets
Metadata file was omitted from the latest build
Fixed missing default lookups due to changes in packaging process
Fixed missing static icons
Fixed allowing bare IPs and /32 CIDRs in common output
Fixed long values missing from output of CIDR Assets
- Major release with possible breaking changes; verify all outputs
- Minimize duplicate/conflicting true/false values
- Support pci_domain based on a static host file
- Support pci_domain based on CIDR match
- Dedup and filter categories at generation time (duplicates will still occur at search time)
- Better is_expected tracker
Fix duplicate categories on network assets
- Fixed an issue in the stream DHCP search that caused unchecked lookup growth
- Fix version string
- New saved search seckit_idm_common_stream_dhcpnetworks automatically identifies and categorizes DHCP-managed networks based on Splunk App for Stream data
TKO Release
- Automatically set is_expected using metadata
- seckit_idm_common_get_asset_geo: get geo fields by IP
- seckit_idm_common_get_asset_net_category: get network categories by IP
- seckit_idm_common_get_asset_net_id_category: generate a net_id: category for defined networks
- seckit_idm_common_external_geocode: defaults to NOOP, for later use with the MaxMind database
- seckit_idm_common_build_net_assets: enhancements