Check if your data is CIM-compliant with the Common Information Model Compliance Check dashboard
Use the Common Information Model (CIM) Compliance Check dashboard to see if your data is CIM-compliant. This dashboard checks CIM compliance by comparing the most common field values against a regular expression. It aggregates those fields per-product and tells you how those products are doing with CIM compliance. To use this dashboard in Splunk Security Essentials, navigate to the main menu, Security Operations > CIM Compliance Check.
In order to start using this dashboard, you must set up Data Inventory introspection. For more information about setting up Data Inventory introspection, see Configure the products you have in your environment with the Data Inventory dashboard.
In this dashboard, there is a list of the products that you configured in Splunk Security Essentials broken out by data source category and the CIM compliance status of each key field for that DSC. If you expand the row, you can also see the actual values returned when searching that data.
Aggregate risk attributions with the Analyze ES Risk Attributions dashboard | Configure the products you have in your environment with the Data Inventory dashboard |
This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1
Feedback submitted, thanks!