Splunk® Supported Add-ons

Splunk Add-on for Juniper

Source types for the Splunk Add-on for Juniper

The Splunk Add-on for Juniper can collect the following kinds of events: risks, authentication, alerts, and traffic. The add-on includes the following source types and event types, which map the Juniper data to the Splunk Common Information Model (CIM):

| Source type | Event type | CIM data models |
| --- | --- | --- |
| netscreen:firewall | netscreen_firewall | n/a |
| netscreen:firewall | netscreen_firewall_communicate | Network Traffic |
| netscreen:firewall | netscreen_firewall_translation_mac_to_ip | n/a |
| netscreen:firewall | netscreen_authentication | Authentication |
| netscreen:firewall | netscreen_authentication_default | Authentication - Default_Authentication |
| netscreen:firewall | netscreen_authentication_privileged | Authentication - Privileged_Authentication |
| netscreen:firewall | netscreen_firewall_modify_policy | Change |
| netscreen:firewall | netscreen_restart | n/a |
| netscreen:firewall | netscreen_alert | Alerts |
| juniper:junos:idp | juniper_junos_idp | n/a |
| juniper:junos:idp | juniper_junos_idp_attack | Intrusion Detection |
| juniper:junos:idp:structured | juniper_junos_idp | n/a |
| juniper:junos:idp:structured | juniper_junos_idp_attack | Intrusion Detection |
| juniper:junos:firewall | juniper_junos_firewall | Network Traffic |
| juniper:junos:firewall | juniper_junos_firewall_utm_attack | Intrusion Detection |
| juniper:junos:firewall | juniper_junos_firewall_web | Web |
| juniper:junos:firewall:structured | juniper_junos_firewall | Network Traffic |
| juniper:junos:firewall:structured | juniper_junos_firewall_utm_attack | Intrusion Detection |
| juniper:junos:firewall:structured | juniper_junos_firewall_utm_web | Web |
| juniper:junos:aamw:structured | juniper_junos_aamw | Intrusion Detection |
| juniper:junos:secintel:structured | juniper_junos_secintel | Intrusion Detection |
| juniper:junos:snmp | juniper_junos_change_network | Change - Network_Changes |

Last modified on 25 September, 2023

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released

