Lookups for the Splunk Add-on for FireSIGHT
The Splunk Add-on for Cisco FireSIGHT has six lookups. The lookup files are located in `$SPLUNK_HOME/etc/apps/Splunk_TA_sourcefire/lookups`.
Filename | Description |
---|---|
cisco_sourcefire_impact.csv | Maps the impact ID from Sourcefire to a human-readable string. |
cisco_sourcefire_malware_action.csv | Maps the malware action from Sourcefire to a CIM-compliant value. |
cisco_sourcefire_severity.csv | Maps the impact and priority values from Sourcefire to a CIM-compliant severity value. |
snort_categories.csv | Maps the category ID from Sourcefire and Snort to a human-readable string. |
snort_severities.csv | Maps the severity ID from Sourcefire and Snort to a CIM-compliant value. |
snort_vendor_info.csv | Defines the vendor and product fields for this add-on. |
This documentation applies to the following versions of Splunk® Supported Add-ons: released