Splunk® Supported Add-ons

Splunk Add-on for RSA SecurID

Release notes for the Splunk Add-on for RSA SecurID

Version 1.4.0 of the Splunk Add-on for RSA SecureID was released on July 19, 2022. It is compatible with the following software, CIM versions, and platforms.

Splunk platform versions 8.1, 8.2, 9.0
CIM 5.0.1
Platforms Platform independent
Vendor Products RSA Authentication Manager 7.1, RSA Authentication Manager 8.1, RSA Authentication Manager 8.4, RSA Authentication Manager 8.5.0.3 , RSA Authentication Manager 8.6


New features

Version 1.4.0 of the Splunk Add-on for RSA SecurID has the following new features.

  • Support of RSA Authentication Manager v8.6
  • Support of CIM v5.0.1
  • Below mentioned table indicates the data model support added for respective vendor_action_id
vendor_action_id Data Model support added in this release
16042, 16294, 20113, 16160 Alerts
13002 Authentication
30035, 23027, 16037, 16038, 16148, 16151, 20293, 20295, 26250, 26251, 26253, 26255, 26258, 26264, 20017, 10209 Change.All_Changes
  • Corrected the extractions for user, user_name, src_user fields and added new field extraction for src_user_name field.
  • Corrected the extractions for file_name, service, service_name and recipient fields.
  • Corrected Data Model mapping for START_SERVICE, STOP_SERVICE events from Endpoint to Change Data Model and removed the eventtype - rsa_securid_syslog_system_endpoint_services_event.
  • Removed the lookup rsa_securid_status_start_mode_field.csv as it is not useful anymore.


Fixed issues

Version 1.4.0 of the Splunk Add-on for RSA SecurID contains the following fixed issues.


Known issues

Version 1.4.0 of the Splunk Add-on for RSA SecurID contains the following known issues.


Third-party software attributions

Version 1.4.0 of the Splunk Add-on for RSA SecurID does not incorporate any third-party software or libraries.

Last modified on 26 July, 2022
Source types for the Splunk Add-on for RSA SecurID   Release history for the Splunk Add-on for RSA SecurID

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters