Release notes for the Splunk Common Information Model Add-on

New features

Version 4.5.0 of the Splunk Common Information Model Add-on includes the new features:

Issue number	Description
CIM-352	Change the summary range for data model accelerations using CIM setup.
CIM-323	Extend the Malware data model with vector-`url` and vector-`sender` fields
CIM-96	Add a data model for Data Loss Prevention use cases.
SOLNESS-8156	Extend the Splunk Audit Logs data model for modular alert auditing.
SOLNESS-9309	Add the index definition `cim_modactions` for use with the common action model alerts and auditing.

This version of the Splunk Common Information Model Add-on fixes the issues:

Defect number	Description
CIM-307	Improper call to addCellRenderer and render from predictive_analytics.js.

This version of the Splunk Common Information Model Add-on has the known issues:

Date	Defect number	Description
2014-10-24	CIM-238	BaseEvent object hierarchy makes accelerated search unwieldy. Workaround: Update to Splunk Enterprise 6.3 or later.
2014-10-10	CIM-226	In Ticket Management, field "dest" should be used for the machine that the ticket concerns.
2014-07-07	CIM-169 / SPL-92488	Remote search log warning messages from acceleration due to long search strings. Workaround: turn off truncation on indexers in `etc/system/local/props.conf` as shown: `[splunkd_remote_searches]` `TRUNCATE = 0`
2013-10-11	CIM-85	Inconsistent use of url and uri in Web data model fields.

The index definition cim_summary is deprecated and is only used to support backward compatibility with upgraded versions of Enterprise Security. The index definition will be removed in a future release.

The Splunk Common Information Model Add-on does not incorporate any third-party software or libraries.