Source types for the Splunk Add-on for Juniper
The Splunk Add-on for Juniper can collect the following kinds of events: risks, authentication, alerts, and traffic. The add-on includes the following source types and event types, which map the Juniper data to the Splunk Common Information Model (CIM):
Source type | Event type | CIM data models |
---|---|---|
netscreen:firewall | netscreen_firewall | n/a |
netscreen:firewall | netscreen_firewall_communicate | Network Traffic |
netscreen:firewall | netscreen_firewall_translation_mac_to_ip | n/a |
netscreen:firewall | netscreen_authentication | Authentication |
netscreen:firewall | netscreen_authentication_default | Authentication - Default_Authentication |
netscreen:firewall | netscreen_authentication_privileged | Authentication - Privileged_Authentication |
netscreen:firewall | netscreen_firewall_modify_policy | Change |
netscreen:firewall | netscreen_restart | n/a |
netscreen:firewall | netscreen_alert | Alerts |
juniper:junos:idp | juniper_junos_idp | n/a |
juniper:junos:idp | juniper_junos_idp_attack | Intrusion Detection |
juniper:junos:idp:structured | juniper_junos_idp | n/a |
juniper:junos:idp:structured | juniper_junos_idp_attack | Intrusion Detection |
juniper:junos:firewall | juniper_junos_firewall | Network Traffic |
juniper:junos:firewall | juniper_junos_firewall_utm_attack | Intrusion Detection |
juniper:junos:firewall | juniper_junos_firewall_web | Web |
juniper:junos:firewall:structured | juniper_junos_firewall | Network Traffic |
juniper:junos:firewall:structured | juniper_junos_firewall_utm_attack | Intrusion Detection |
juniper:junos:firewall:structured | juniper_junos_firewall_utm_web | Web |
juniper:junos:aamw:structured | juniper_junos_aamw | Intrusion Detection |
juniper:junos:secintel:structured | juniper_junos_secintel | Intrusion Detection |
juniper:junos:snmp | juniper_junos_change_network | Change - Network_Changes |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released