hire-vladimir
commented
6 years ago Hi @kmfpo, What is the specific ask of this issue? Most of the data models that you mention ship specifically with ES / not part of the Splunk_SA_CIM app. The _cimvladiator app works with any datamodel, be it form Splunk_SA_CIM, premium Splunk app such as ES, or user defined to accommodate broad number of validation use-cases.
While using the app, came across the following:
Domain Analysis - not official data model Compute Inventory - that's the name of the .json file, can it be named "Inventory" like official documentation? Identity Management - not official data model Incident Management - not official data model, changed to Ticket Management? Risk - not official data model Threat Intelligence - not official data model