Palo Alto Networks App for Splunk leverages the data visibility provided by Palo Alto Networks next-generation firewalls and endpoint security with Splunk's extensive investigation and visualization capabilities to deliver an advanced security reporting and analysis tool.
Feature request description
Currently the Splunk add-on doesn't provide the mapping of DHCP events to the CIM data model "Network Sessions".
Proposed solution
The Splunk Common Information Model (CIM) provides a data model "Network Sessions" to be used for DHCP events. Therefore the corresponding events need to be tagged with "network", "session" and "dhcp". In addition, the fields have to be mapped according to CIM fields.
For details see https://docs.splunk.com/Documentation/CIM/5.1.0/User/NetworkSessions