Release notes for the Splunk Add-on for Symantec DLP
Version 1.1.0 of the Splunk Add-on for Symantec DLP was released on December 29, 2021. It is compatible with the following software, CIM versions, and platforms.
Splunk platform versions | 8.0.x, 8.1.x, 8.2.x |
---|---|
CIM | 4.20.2 |
Platforms | Platform independent |
Vendor Products | Symantec DLP 12.5, 14, 15.8 |
New features
Version 1.1.0 of the Splunk Add-on for Symantec DLP has the following new features.
- Added support for the latest product version, 15.8.
- Added support for SC4S (Splunk Connect for Syslog).
See the following tables for information on field changes between 1.0.6 and 1.1.0:
Sourcetype | CIM Field | Event Identifier | Vendor Field in 1.0.6 | Vendor Field in 1.1.0 |
---|---|---|---|---|
symantec:dlp:syslog | src | All | endpoint_machine, example: C12345678 | machine_ip, example: xx.xxx.xxx.xxx |
symantec:dlp:syslog | type | All | alert | event, alert (if the event action is blocked, then type is alert; otherwise it is event) |
symantec:dlp:syslog | dest | All | host, example: so2 | Destination_IP, example: xx.xx.xxx.xx |
Source-type | sourcetype | Fields added | Fields removed |
---|---|---|---|
symantec:dlp:syslog | symantec:dlp:syslog | signature_id, signature, description | src_bunit |
Fixed issues
Version 1.1.0 of the Splunk Add-on for Symantec DLP contains the following, if any, fixed issues.
Known issues
Version 1.1.0 of the Splunk Add-on for Symantec DLP contains the following, if any, known issues.
Third-party software attributions
Version 1.1.0 of the Splunk Add-on for Symantec DLP does not incorporate any third-party software or libraries.