hire-vladimir / SA-cim_vladiator

Data validator agains Splunk Common Information Model (CIM)
Apache License 2.0
75 stars 35 forks source link

Multiple data model names conflicting with Splunk CIM listing #15

Open kmfpo opened 6 years ago

kmfpo commented 6 years ago

While using the app, came across the following:

Domain Analysis - not official data model Compute Inventory - that's the name of the .json file, can it be named "Inventory" like official documentation? Identity Management - not official data model Incident Management - not official data model, changed to Ticket Management? Risk - not official data model Threat Intelligence - not official data model

hire-vladimir commented 6 years ago

Hi @kmfpo, What is the specific ask of this issue? Most of the data models that you mention ship specifically with ES / not part of the Splunk_SA_CIM app. The _cimvladiator app works with any datamodel, be it form Splunk_SA_CIM, premium Splunk app such as ES, or user defined to accommodate broad number of validation use-cases.