This add-on is designed to achive CIM compliant field mapping of data, gathered by Panda Adaptive Defense 360 Endpoint Protection software.
It populates the Authentication, Network Traffic, Endpont and Web datamodels.
It requires SIEM Feeder license and SIEM feeder agent installed on the system.
Indexer, Search head and Heavy Forwarder (if applicable)
Before installing this add-on install and configure Panda SIEM Feeder Importer to download logs to your server. Log format should be set to CEF.
The Panda Adaptive Defense 360 Add-on for Splunk can be downloaded, installed, and configured to receive Panda Adaptive Defense 360 Endpoint Protection data.
This app does not add any new inputs, it merely rewrites original SIEM Feeder events to Splunk CIM compliant format.
Install this Add-on on your search head and indexers/heavy forwarders.
On the server, where you download logs using Panda's SIEM Feeder Importer, you should configure the data input where you specify the appropriate sourcetype (pandafeedercef) and crcSalt (<SOURCE>).
crcSalt = <SOURCE>
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.