Latest Version 1.0.3
August 20, 2024
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
Infigo Additional Parsing
There are unfortunately TAs on Splunkbase that do not fully parse or map the data to Splunk CIM datamodels. Purpose of this application is to provide parsing knowledge objects for different technologies in order to achieve full compliance with CIM. It is recommended to install this application with Infigo SIEM (https://classic.splunkbase.splunk.com/app/7147/) in order to get maximum from your SIEM sollution. Additional parsing and mapping to CIM are most notably done for Sysmon, Cisco eStreamer, Splunk Stream DNS, MS Defender.
Built by
Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 5.x
Rating
0
(0)
Log in to rate this app
Support
Developer Supported addon
Ranking
#7
in Generic
There are unfortunately TAs on Splunkbase that do not fully parse or map the data to Splunk CIM datamodels. Purpose of this application is to provide parsing knowledge objects for different technologies in order to achieve full compliance with CIM. It is recommended to install this application with Infigo SIEM (https://classic.splunkbase.splunk.com/app/7147/) in order to get maximum from your SIEM sollution. Additional parsing and mapping to CIM are most notably done for Sysmon, Cisco eStreamer, Splunk Stream DNS, MS Defender.
Keep in mind that for some specific sourcetypes it reduces the size of events, examples are Fortigate and Palo Alto, Checkpoint, Windows.
If there are additional parsing improvements that you have, or for any of the different technologies send them to us and we will curate it and publish it in the new versions of the application.
Contact us through the website or via email:
https://www.infigosiem.com
infigoapps@infigo.is
Categories
Created By
Infigo IS
Type
addon
Downloads
11,273
Licensing
Splunk Answers
Resources
Log in to report this app listing