Cisco Firepower eStreamer eNcore Add-on for Splunk 3.6.8 not CIM compatible?

1818

Views

Helpful

Replies

Is anyone using TA-eStreamer 3.6.8 with Splunk Enterprise Security?

Although the add-on says it's CIM 4.x compatible we're not seeing any of the cisco:estreamer:data sourcetype matching data models.

Looking at the add-on it doesn't have any tags.conf or eventtypes.conf files so nothing to tie it to the appropriate CIM data models.

0 Replies 0

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide