Eset Remote Administrator TA for Splunk

UnderDefense/TA-eset-ra

Overview

This TA (technology add-on) for Splunk provides search-time field extractions for Eset Remote Administrator logs and maps the extracted fields to the Splunk CIM Malware data model.

Details

Field extractions and CIM mapping for Eset Remote Administrator logs in Splunk.

Configurations

  • Install this TA from Splunkbase or manually on your search heads (the field extractions and CIM mapping are applied at search time, so they must be present where searches run).
  • Configure a listening TCP or UDP port under Settings > Data Inputs on the Splunk instance that actually receives the Eset Remote Administrator syslog feed (an indexer or a heavy forwarder), and set the input's sourcetype to the one this TA's extractions are written for.
  • Enjoy your data!

Recommendations

We recommend keeping this data separate from other sources by creating a dedicated index for this TA; a dedicated index also lets you set retention and role-based access for the Eset events independently.
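The three configuration steps and the dedicated-index recommendation above, written out as Splunk .conf stanzas. This is an added example and not configuration shipped with the TA: the index name eset, the port 1514, the IP address of the ERA server and the sourcetype name eset:ra are assumptions; substitute the sourcetype this TA's props.conf defines.

```ini
# indexes.conf -- deploy on the indexers (or the all-in-one instance).
# A dedicated index keeps Eset RA events apart from other sources and lets
# them get their own retention and access controls.
# The index name "eset" is an assumption for this example.
[eset]
homePath   = $SPLUNK_DB/eset/db
coldPath   = $SPLUNK_DB/eset/colddb
thawedPath = $SPLUNK_DB/eset/thaweddb
# 90 days; adjust to your retention policy
frozenTimePeriodInSecs = 7776000

# inputs.conf -- deploy on the instance that receives the Eset RA syslog
# feed (indexer or heavy forwarder). This is what "Data Inputs > UDP/TCP"
# writes for you. Port and sourcetype are assumptions for this example;
# use the sourcetype the TA's extractions are written for. Ports below 1024
# require Splunk to run as root or a syslog relay in front; 1514 avoids that.
[udp://1514]
sourcetype = eset:ra
index = eset
connection_host = ip
# Only accept events from the ERA server so other hosts cannot inject
# fake malware events into the index (address is an assumption).
acceptFrom = 10.0.0.10

[tcp://1514]
sourcetype = eset:ra
index = eset
connection_host = ip
acceptFrom = 10.0.0.10
```

After restarting (or reloading inputs) and sending a test event from the ERA server, confirm that events land in the right place with a search such as `index=eset sourcetype=eset:ra | head 5`; if they arrive under `index=main`, the input stanza is on the wrong instance or the index has not been created on the indexer.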

Updates history

[1.0.0]

  • Initial release
  • Data model mapping: CIM Malware, with events reported with action "blocked"
  • Known issue: timestamp extraction still has some problems
  • The Eset actions "cleaned by deleting", "connection terminated" and "deleted" are all normalized to the CIM action value "blocked" so that the events fit the Malware data model
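How the action normalization described in the 1.0.0 notes can be expressed as search-time configuration, as an added example that is not the TA's own props.conf. The sourcetype eset:ra, the raw field name action, the eventtype name eset_malware and the extra field eset_action are assumptions; the three Eset action strings are the ones listed above.

```ini
# props.conf -- search-time calculated fields on the assumed sourcetype.
# EVAL-action rewrites the three Eset action strings to the CIM value
# "blocked". Any other value passes through unchanged so that it stays
# visible for triage instead of silently disappearing from the data model.
[eset:ra]
EVAL-action = case(match(lower(action), "^(cleaned by deleting|connection terminated|deleted)$"), "blocked", true(), action)
# Calculated fields are all evaluated against the extracted fields, not
# against each other, so this keeps the vendor's original wording
# (field name eset_action is an assumption for this example).
EVAL-eset_action = action

# eventtypes.conf -- selects the events that belong in the Malware data model.
[eset_malware]
search = sourcetype=eset:ra action=*

# tags.conf -- the Malware_Attacks dataset requires both tags.
[eventtype=eset_malware]
malware = enabled
attack = enabled
```

To check the mapping end to end, run `| datamodel Malware Malware_Attacks search | stats count by Malware_Attacks.action` and confirm that the three Eset outcomes show up only as blocked, while eset_action (or whatever you name it) still lets an analyst tell a deleted file from a terminated connection.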