Splunk® Security Essentials

Use Splunk Security Essentials

This documentation does not apply to the most recent version of Splunk® Security Essentials. For documentation on the most recent version, go to the latest release.

Check if your data is CIM-compliant with the Common Information Model Compliance Check dashboard

Use the Common Information Model (CIM) Compliance Check dashboard to see if your data is CIM-compliant. This dashboard checks CIM compliance by comparing the most common field values against a regular expression. It aggregates those fields per-product and tells you how those products are doing with CIM compliance. To use this dashboard in Splunk Security Essentials, navigate to the main menu, Security Operations > CIM Compliance Check.

In order to start using this dashboard, you must set up Data Inventory introspection. For more information about setting up Data Inventory introspection, see Configure the products you have in your environment with the Data Inventory dashboard.

In this dashboard, there is a list of the products that you configured in Splunk Security Essentials broken out by data source category and the CIM compliance status of each key field for that DSC. If you expand the row, you can also see the actual values returned when searching that data.

Last modified on 06 January, 2021
Aggregate risk attributions with the Analyze ES Risk Attributions dashboard   Configure the products you have in your environment with the Data Inventory dashboard

This documentation applies to the following versions of Splunk® Security Essentials: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.4.0, 3.5.0, 3.5.1, 3.6.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters