Lookups for the Splunk Add-on for Symantec Endpoint Protection
The Splunk Add-on for Symantec Endpoint Protection has the following lookups that map fields from Symantec Endpoint Manager systems to CIM-compliant values in the Splunk platform. The lookup files are located in
$SPLUNK_HOME/etc/apps/Splunk_TA_symantec-ep/lookups.
| Filename | Description |
|---|---|
symantec_ep_admin_authentication_action.csv
|
Maps the event_description field to a CIM-compliant action value.
|
symantec_ep_actions.csv
|
Maps vendor_action to action
|
symantec_ep_admin_actions_340.csv
|
Maps vendor_action to action, vendor_action
|
symantec_ep_icmp_types.csv
|
Maps icmp_type_code to icmp_type_name, icmp_type_code
|
symantec_ep_severity.csv
|
Maps vendor_severity to severity
|
symantec_ep_alert_type_340.csv
|
Maps description to type, severity
|
symantec_ep_authentication_fields.csv
|
Maps description to action, reason
|
symantec_ep_change_action_340.csv
|
Maps event_action to action
|
symantec_ep_change_data_model_fields_340.csv
|
Maps vendor_action to status, change_type, object_category
|
symantec_ep_data_model_340.csv
|
Maps event_description to cim_data_model, dataset
|
symantec_ep_endpoint_service_fields.csv
|
Maps description to service, service_name, , status
|
Last modified on 09 January, 2023
| Source types for the Splunk Add-on for Symantec Endpoint Protection | Release notes for the Splunk Add-on for Symantec Endpoint Protection |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!