Related Answers
Download topic as PDF
Release notes for the Splunk Add-on for OSSEC
About this release
Version 4.1.0 of the Splunk Add-on for OSSEC is compatible with the following software, CIM versions, and platforms.
| Splunk platform versions | 7.3, 8.0, 8.1 |
| CIM | 4.17 |
| Platforms | Platform independent |
| Vendor Products | OSSEC 3.6.0 |
The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New or Changed features
- Add support of Ossec version 3.6.0
- Add support for SC4S
- Add CIM mapping and fix gaps/issues for CIM v4.17
- Alert datamodel mapping has been removed from
ossec_alerteventtype - Endpoint datamodel mapping has been removed from
ossec_file_integrity_monitoringeventtype defaulttag of authentication has been removed fromossec_authenticationeventtype
Fixed issues
Version 4.1.0 of the Splunk Add-on for OSSEC fixed the following issues, if any.
Known issues
Version 4.1.0 of the Splunk Add-on for OSSEC has no reported known issues, if any.
Third-party software attributions
Version 4.1.0 of the Splunk Add-on for OSSEC does not incorporate any third-party components or libraries.
|
PREVIOUS Troubleshoot the Splunk Add-on for OSSEC |
NEXT Release notes history for the Splunk Add-on for OSSEC |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!