This app is archived.
The purpose of this add-on is to provide value to your Microsoft Cloud App Security syslog from Alerts and Activities. This is done by making the logs CIM compliant, adding tagging for Enterprise Security data models, and adding other knowledge objects that make searching and visualizing this data easy.

This add-on assumes you are onboarding the data either using a syslog collector that outputs to a file or using the built-in Splunk TCP/UDP listener (I would highly recommend the former). The knowledge objects will work for any ingestion method as long as you use the correct sourcetype. Regardless of ingestion method, you may need to adjust some of the props.conf settings for proper line breaking and timestamp parsing.

* Built for Splunk Enterprise 6.x.x or higher
* CIM compliant (CIM 4.0.0 or higher)
* Ready for Enterprise Security