Lookups for the Splunk Add-on for Symantec DLP
The Splunk Add-on for Symantec DLP has two lookups. The lookup files map fields from Symantec DLP systems to CIM-compliant values in the Splunk platform. The lookup files are located in
$SPLUNK_HOME/etc/apps/Splunk_TA_symantec-dlp/lookups
.
Filename | Description |
---|---|
symantec_dlp_severity.csv
|
Maps Symantec DLP vendor_severity to severity
|
symantec_dlp_action.csv
|
Maps Symantec DLP blocked to action
|
Troubleshoot the Splunk Add-on for Symantec DLP | Source types for the Splunk Add-on for Symantec DLP |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!