There are unfortunately TAs on Splunkbase that do not fully parse or map their data to the Splunk CIM data models. The purpose of this application is to provide parsing knowledge objects for different technologies in order to achieve full compliance with CIM. It is recommended to install this application together with Infigo SIEM (https://classic.splunkbase.splunk.com/app/7147/) in order to get the most out of your SIEM solution. Additional parsing and mapping to CIM are most notably done for Sysmon, Cisco eStreamer, Splunk Stream DNS and MS Defender. Keep in mind that for some specific sourcetypes it reduces the size of events; examples are Fortigate, Palo Alto, Checkpoint and Windows. If you have additional parsing improvements, for these or for any other technologies, send them to us and we will curate them and publish them in new versions of the application. Contact us through the website or via email: https://www.infigosiem.com infigoapps@infigo.is