ESET Remote Administrator TA for Splunk. Field extractions and CIM mapping
Author Information
Original author: UnderDefense LLC
Version: 1.0.0
Updates history:
[1.0.0]
- Initial release
- Data model mapping Malware -> Blocked
- Some problems with timestamp
- Actions "cleaned by deleting", "connection terminated" and "deleted" = action "blocked" for good CIM mapping
[1.0.1]
- Some description added in readme
Configurations:
Install this TA from Splunkbase or manually on your search heads
Configure port listening in Data Inputs
Enjoy your data!
Recommendations:
We recommend separating your data and creating a dedicated index for this TA.
Email support is available on weekdays from 08:00 to 16:00 UTC.
Contact information:
rs@underdefense.com
Release 1.0.2:
- Update package for compatibility with Splunk 7.0-7.1
- Added Documentation
- Changed README