Splunk Enterprise Security Free Training | Network Traffic Data Model CIM Compliant

  • Published on 13 Jul 2024
  • L.A.M.E. Creations has scoured the internet for guidance on the Enterprise Security SIEM from Splunk but has found most of the videos are behind a paywall. They decided to change that.
    This video will show how to take sourcetype conn logs from Corelight and convert the logs to be CIM compliant to the Network Traffic data model.
    This is a playlist and we strongly encourage you to watch the playlist for all of the videos on Enterprise security below.
    • Splunk Enterprise Secu...
    Join this channel to get access to early releases of videos and exclusive training videos that will help make you a L.A.M.E. ninja: / @lamecreations_guides

Comments • 3

  • @FindAllHere 9 months ago

    Is there any difference between doing it this way and using the Splunk Add-on Builder app?

    • @lamecreations_guides 9 months ago +1

      Ultimately the answer is no. It comes down to preference. Both methods are creating the props files necessary for Splunk to put the data into the appropriate CIM model. I do it as I showed in the video because it's easier for me to make a table command and look for all the fields I want to alias and then make those changes, but you can totally do the same thing inside app builder. I used to use app builder, but over time I have moved to the method I showed in the video; honestly, do what works best for you. I actually don't even do this anymore: I use Cribl, which is far and away the easiest tool I have ever used for making something CIM compliant.

    • @FindAllHere 9 months ago

      @lamecreations_guides Thank you so much! This makes a lot of sense now! Keep up the great work! Looking forward to finishing the whole training series!!!
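The "props files" the reply refers to, written out as an added example for the video's Corelight conn case (this is not the channel's or Corelight's own configuration). The sourcetype name `corelight_conn`, the `conn_state` to `action` mapping and the `bytes_in`/`bytes_out` direction are assumptions; the Zeek field names and the CIM Network Traffic field names and tags are standard.

```conf
# props.conf -- search-time knowledge for the Corelight conn sourcetype.
# The sourcetype name is an assumption; confirm yours with
#   index=* | stats count by sourcetype
[corelight_conn]
# Zeek/Corelight conn fields -> CIM Network Traffic field names
FIELDALIAS-corelight_src       = "id.orig_h" AS src
FIELDALIAS-corelight_dest      = "id.resp_h" AS dest
FIELDALIAS-corelight_src_port  = "id.orig_p" AS src_port
FIELDALIAS-corelight_dest_port = "id.resp_p" AS dest_port
FIELDALIAS-corelight_transport = proto AS transport
FIELDALIAS-corelight_app       = service AS app
FIELDALIAS-corelight_session   = uid AS session_id
# orig_* is what the originator sent, resp_* is what it received
# (assumed direction; flip the two if your reporting expects the reverse)
FIELDALIAS-corelight_bytes_out = orig_bytes AS bytes_out
FIELDALIAS-corelight_bytes_in  = resp_bytes AS bytes_in
# Totals the data model expects; coalesce() guards against missing counters
EVAL-bytes   = coalesce(orig_bytes, 0) + coalesce(resp_bytes, 0)
EVAL-packets = coalesce(orig_pkts, 0) + coalesce(resp_pkts, 0)
# Derive the CIM "action" from Zeek conn_state. The mapping is an assumption:
# rejected or unanswered handshakes count as blocked, everything else allowed.
EVAL-action = case(match(conn_state, "^(REJ|RSTO|RSTR|S0)$"), "blocked", isnotnull(conn_state), "allowed")

# eventtypes.conf -- the data model selects events by tag, not sourcetype,
# so an eventtype is needed to attach the tags to.
[corelight_conn_traffic]
search = sourcetype=corelight_conn

# tags.conf -- Network_Traffic's root constraint is tag=network tag=communicate
[eventtype=corelight_conn_traffic]
network = enabled
communicate = enabled

# Verification (SPL, run after the above is deployed):
# 1. the "table" check from the video, to spot fields still missing:
#   sourcetype=corelight_conn
#   | table src dest src_port dest_port transport bytes_in bytes_out action
# 2. confirm the events are actually picked up by the data model:
#   | datamodel Network_Traffic All_Traffic search | head 5
```

If step 2 returns nothing while step 1 shows populated fields, the usual cause is the tags (the eventtype search not matching, or the tag names not being exactly `network` and `communicate`).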