Splunk® Supported Add-ons

Splunk Add-on for RSA SecurID CAS

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Source types for the Splunk Add-on for RSA SecurID CAS

The Splunk Add-on for RSA SecurID CAS provides the index-time and search-time knowledge for the runtime user logs, admin audit logs, and high risk user list in the following formats.

Source type Source Description CIM data models
rsa:securid:cas:usereventlog:json cloud_administration_api://<input_name>:<account_name> Contains user activity events. Change,Authentication
rsa:securid:cas:adminlog:json cloud_administration_api://<input_name>:<account_name> Contains admin activity events. Change,Authentication
rsa:securid:cas:riskuser:json cloud_administration_api://<input_name>:<account_name> Contains high risk user list events. NA
Last modified on 21 July, 2021
Lookups for the Splunk Add-on for RSA SecurID CAS
Release notes for the Splunk Add-on for RSA SecurID CAS

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters