Splunk® Supported Add-ons

Splunk Add-on for McAfee NSP

Lookups for the Splunk Add-on for McAfee NSP

The Splunk Add-on for McAfee NSP has four lookups. The lookup files map fields from McAfee NSP systems to CIM-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_mcafee_nsp/lookups.

| Filename | Description |
|---|---|
| mcafee_nsp_alert_action.csv | Maps McAfee NSP Alert event's result to action. |
| mcafee_nsp_audit_action.csv | Maps McAfee NSP Audit event's audit_action to action, change_type, object, command and object_category. |
| mcafee_nsp_audit_status.csv | Maps McAfee NSP Audit event's audit_result to status and result. |
| mcafee_nsp_firewall_action.csv | Maps McAfee NSP Firewall event's acl_action to action. |

Last modified on 11 May, 2023

This documentation applies to the following versions of Splunk® Supported Add-ons: released

