Skip to content
/ TA-eset-ra Public

Eset Remote Administrator TA for Splunk

License

MIT license
8 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

UnderDefense/TA-eset-ra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README
README
 
 
default
default
 
 
local
local
 
 
lookups
lookups
 
 
metadata
metadata
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app.manifest
app.manifest
 
 

Repository files navigation

Eset Remote Administrator TA for Splunk

Overview

This TA for Splunk provide fields extractions from Eset Remote Administrator logs and mapping to the Malware CIM

Details

Eset Remote Administrator TA for Splunk. Fields extractions and CIM mapping

Configurations

  • Install this TA from splunkbase or manually on your search heads
  • Configure port listening in Data Inputs
  • Enjoy your data!

Recommendations

We recommend to separate your data and create index specially for this TA.

Updates history

[1.0.0]

  • Initial release
  • Data model mapping Malware -> Blocked
  • Some problems with timestamp
  • Actions "cleaned by deleting", "connection terminated" and "deleted" = action "blocked" for good CIM mapping

About

Eset Remote Administrator TA for Splunk

Topics

splunk addon eset cim

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

8 stars

Watchers

7 watching

Forks

1 fork
Report repository

Releases 2

1.0.0 Latest
Jan 26, 2018
+ 1 release

Packages

No packages published

Languages