datamodel,modelName,nodeName,tags,"_timediff",app,"data_source_category",version
"Alerts.Alerts",Alerts,Alerts,alert,,"Splunk_SA_CIM","DS020HostIntrustionDetection-ET01SigDetected","5.1.1"
Alerts,Alerts,,alert,,"Splunk_SA_CIM","DS020HostIntrustionDetection-ET01SigDetected","5.1.1"
"Application_State.All_Application_State","Application_State","All_Application_State",,,"Splunk_SA_CIM",,"5.1.1"
"Application_State.Ports","Application_State",Ports,"listening,port",,"Splunk_SA_CIM",,"5.1.1"
"Application_State.Processes","Application_State",Processes,"process,report",,"Splunk_SA_CIM",,"5.1.1"
"Application_State.Services","Application_State",Services,"service,report",,"Splunk_SA_CIM",,"5.1.1"
"Application_State","Application_State",,,,"Splunk_SA_CIM",,"5.1.1"
"Authentication.Authentication",Authentication,Authentication,authentication,,"Splunk_SA_CIM","DS003Authentication-ET01Success|DS003Authentication-ET01SuccessDefault|DS003Authentication-ET01SuccessInsecure|DS003Authentication-ET02Failure|DS003Authentication-ET02FailureBadFactor|DS003Authentication-ET02FailureError|DS003Authentication-ET02FailureUnknownAccount","5.1.1"
"Authentication.Failed_Authentication",Authentication,"Failed_Authentication",authentication,,"Splunk_SA_CIM","DS003Authentication-ET02Failure","5.1.1"
"Authentication.Successful_Authentication",Authentication,"Successful_Authentication",authentication,,"Splunk_SA_CIM","DS003Authentication-ET01Success","5.1.1"
"Authentication.Default_Authentication",Authentication,"Default_Authentication","authentication,default",,"Splunk_SA_CIM",,"5.1.1"
"Authentication.Failed_Default_Authentication",Authentication,"Failed_Default_Authentication","authentication,default",,"Splunk_SA_CIM",,"5.1.1"
"Authentication.Successful_Default_Authentication",Authentication,"Successful_Default_Authentication","authentication,default",,"Splunk_SA_CIM","DS003Authentication-ET01SuccessDefault","5.1.1"
"Authentication.Insecure_Authentication",Authentication,"Insecure_Authentication","authentication,insecure",,"Splunk_SA_CIM","DS003Authentication-ET01SuccessInsecure","5.1.1"
"Authentication.Privileged_Authentication",Authentication,"Privileged_Authentication","authentication,privileged",,"Splunk_SA_CIM",,"5.1.1"
"Authentication.Failed_Privileged_Authentication",Authentication,"Failed_Privileged_Authentication","authentication,privileged",,"Splunk_SA_CIM",,"5.1.1"
"Authentication.Successful_Privileged_Authentication",Authentication,"Successful_Privileged_Authentication","authentication,privileged",,"Splunk_SA_CIM",,"5.1.1"
Authentication,Authentication,,authentication,,"Splunk_SA_CIM","DS003Authentication-ET01Success|DS003Authentication-ET01SuccessDefault|DS003Authentication-ET01SuccessInsecure|DS003Authentication-ET02Failure|DS003Authentication-ET02FailureBadFactor|DS003Authentication-ET02FailureError|DS003Authentication-ET02FailureUnknownAccount","5.1.1"
"Certificates.All_Certificates",Certificates,"All_Certificates",certificate,,"Splunk_SA_CIM","DS041Certificates-ET01All","5.1.1"
"Certificates.SSL",Certificates,SSL,"certificate,ssl",,"Splunk_SA_CIM",,"5.1.1"
Certificates,Certificates,,certificate,,"Splunk_SA_CIM","DS041Certificates-ET01All","5.1.1"
"Change.All_Changes",Change,"All_Changes",change,,"Splunk_SA_CIM","DS037Change-ET01Change|DS037Change-ET02ChangeAccount|DS037Change-ET02ChangeAuditing|DS037Change-ET02ChangeNetwork","5.1.1"
"Change.Auditing_Changes",Change,"Auditing_Changes","change,audit",,"Splunk_SA_CIM","DS037Change-ET02ChangeAuditing","5.1.1"
"Change.Endpoint_Changes",Change,"Endpoint_Changes","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change.Endpoint_Restarts",Change,"Endpoint_Restarts","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change.Other_Endpoint_Changes",Change,"Other_Endpoint_Changes","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change.Network_Changes",Change,"Network_Changes","change,network",,"Splunk_SA_CIM","DS010NetworkCommunication-ET02State|DS037Change-ET02ChangeNetwork","5.1.1"
"Change.Device_Restarts",Change,"Device_Restarts","change,network",,"Splunk_SA_CIM",,"5.1.1"
"Change.Account_Management",Change,"Account_Management","change,account",,"Splunk_SA_CIM","DS037Change-ET02ChangeAccount","5.1.1"
"Change.Accounts_Created",Change,"Accounts_Created","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change.Accounts_Deleted",Change,"Accounts_Deleted","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change.Account_Lockouts",Change,"Account_Lockouts","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change.Accounts_Updated",Change,"Accounts_Updated","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change.Instance_Changes",Change,"Instance_Changes","change,instance",,"Splunk_SA_CIM",,"5.1.1"
Change,Change,,change,,"Splunk_SA_CIM","DS037Change-ET01Change|DS037Change-ET02ChangeAccount|DS037Change-ET02ChangeAuditing|DS037Change-ET02ChangeNetwork","5.1.1"
"Change_Analysis.All_Changes","Change_Analysis","All_Changes",change,,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Auditing_Changes","Change_Analysis","Auditing_Changes","change,audit",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Endpoint_Changes","Change_Analysis","Endpoint_Changes","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Filesystem_Changes","Change_Analysis","Filesystem_Changes","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Registry_Changes","Change_Analysis","Registry_Changes","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Endpoint_Restarts","Change_Analysis","Endpoint_Restarts","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Other_Endpoint_Changes","Change_Analysis","Other_Endpoint_Changes","change,endpoint",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Network_Changes","Change_Analysis","Network_Changes","change,network",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Device_Restarts","Change_Analysis","Device_Restarts","change,network",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Account_Management","Change_Analysis","Account_Management","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Accounts_Created","Change_Analysis","Accounts_Created","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Accounts_Deleted","Change_Analysis","Accounts_Deleted","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Account_Lockouts","Change_Analysis","Account_Lockouts","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis.Accounts_Updated","Change_Analysis","Accounts_Updated","change,account",,"Splunk_SA_CIM",,"5.1.1"
"Change_Analysis","Change_Analysis",,change,,"Splunk_SA_CIM","DS009EndPointIntel-ET05ObjectChangeRemovableStorage","5.1.1"
"Cloud_Infrastructure.Compute","Cloud_Infrastructure",Compute,"cloud,compute,infrastructure",,"cloud-datamodel-security-research","DS036CloudInfrastructure-ET01Compute","1.1"
"Cloud_Infrastructure.Storage","Cloud_Infrastructure",Storage,"cloud,storage,infrastructure",,"cloud-datamodel-security-research","DS036CloudInfrastructure-ET02Storage","1.1"
"Cloud_Infrastructure.Traffic","Cloud_Infrastructure",Traffic,"cloud,network,traffic,infrastructure",,"cloud-datamodel-security-research","DS036CloudInfrastructure-ET03Traffic","1.1"
"Cloud_Infrastructure.Authentication","Cloud_Infrastructure",Authentication,"cloud,authentication,infrastructure",,"cloud-datamodel-security-research","DS036CloudInfrastructure-ET04Authentication","1.1"
"Cloud_Infrastructure","Cloud_Infrastructure",,"cloud,compute,infrastructure",,"cloud-datamodel-security-research",,"1.1"
"Compute_Inventory.All_Inventory","Compute_Inventory","All_Inventory",,,"Splunk_SA_CIM","DS039ComputeInventory-ET01Inventory","5.1.1"
"Compute_Inventory.CPU","Compute_Inventory",CPU,"inventory,cpu",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.Memory","Compute_Inventory",Memory,"inventory,memory",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.Network","Compute_Inventory",Network,"inventory,network",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.Storage","Compute_Inventory",Storage,"inventory,storage",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.OS","Compute_Inventory",OS,"inventory,system,version",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.User","Compute_Inventory",User,"inventory,user",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.Cleartext_Passwords","Compute_Inventory","Cleartext_Passwords","inventory,user",,"Splunk_SA_CIM","DS039ComputeInventory-ET01InventoryCleartext_Passwords","5.1.1"
"Compute_Inventory.Default_Accounts","Compute_Inventory","Default_Accounts","inventory,user,default",,"Splunk_SA_CIM","DS039ComputeInventory-ET01InventoryDefaultUser","5.1.1"
"Compute_Inventory.Virtual_OS","Compute_Inventory","Virtual_OS","inventory,virtual",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.Snapshot","Compute_Inventory",Snapshot,"inventory,virtual,snapshot",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory.Tools","Compute_Inventory",Tools,"inventory,virtual,tools",,"Splunk_SA_CIM",,"5.1.1"
"Compute_Inventory","Compute_Inventory",,,,"Splunk_SA_CIM","DS039ComputeInventory-ET01Inventory","5.1.1"
"DLP.DLP_Incidents",DLP,"DLP_Incidents","dlp,incident",,"Splunk_SA_CIM","DS016DataLossPrevention-ET01Violation","5.1.1"
DLP,DLP,,"dlp,incident",,"Splunk_SA_CIM","DS016DataLossPrevention-ET01Violation","5.1.1"
"Data_Access.Data_Access","Data_Access","Data_Access","data,access",,"Splunk_SA_CIM",,"5.1.1"
"Data_Access","Data_Access",,"data,access",,"Splunk_SA_CIM",,"5.1.1"
"Databases.All_Databases",Databases,"All_Databases",database,,"Splunk_SA_CIM","DS029DatabaseServer-ET01General","5.1.1"
"Databases.Database_Instance",Databases,"Database_Instance","database,instance",,"Splunk_SA_CIM",,"5.1.1"
"Databases.Instance_Stats",Databases,"Instance_Stats","database,instance,stats",,"Splunk_SA_CIM",,"5.1.1"
"Databases.Session_Info",Databases,"Session_Info","database,instance,session",,"Splunk_SA_CIM",,"5.1.1"
"Databases.Lock_Info",Databases,"Lock_Info","database,instance,lock",,"Splunk_SA_CIM",,"5.1.1"
"Databases.Database_Query",Databases,"Database_Query","database,query",,"Splunk_SA_CIM",,"5.1.1"
"Databases.Tablespace",Databases,Tablespace,"database,query,tablespace",,"Splunk_SA_CIM",,"5.1.1"
"Databases.Query_Stats",Databases,"Query_Stats","database,query,stats",,"Splunk_SA_CIM",,"5.1.1"
Databases,Databases,,database,,"Splunk_SA_CIM",,"5.1.1"
"Domain_Analysis.All_Domains","Domain_Analysis","All_Domains",,,"SA-NetworkProtection",,"6.6.0"
"Domain_Analysis.Missing_Extractions_All_Domains","Domain_Analysis","Missing_Extractions_All_Domains",,,"SA-NetworkProtection",,"6.6.0"
"Domain_Analysis","Domain_Analysis",,,,"SA-NetworkProtection",,"6.6.0"
"Email.All_Email",Email,"All_Email",email,,"Splunk_SA_CIM","DS001MAIL-ET01Access|DS001MAIL-ET02Receive|DS001MAIL-ET03Send","5.1.1"
"Email.Delivery",Email,Delivery,"email,delivery",,"Splunk_SA_CIM",,"5.1.1"
"Email.Content",Email,Content,"email,content",,"Splunk_SA_CIM",,"5.1.1"
"Email.Filtering",Email,Filtering,"email,filter",,"Splunk_SA_CIM",,"5.1.1"
Email,Email,,email,,"Splunk_SA_CIM","DS001MAIL-ET01Access|DS001MAIL-ET02Receive|DS001MAIL-ET03Send","5.1.1"
"Endpoint.Ports",Endpoint,Ports,"listening,port",,"Splunk_SA_CIM","DS009EndPointIntel-ET06ListeningPorts","5.1.1"
"Endpoint.Processes",Endpoint,Processes,"process,report",,"Splunk_SA_CIM","DS009EndPointIntel-ET01ProcessLaunch|DS009EndPointIntel-ET03ProcessLaunchwithCLI|DS009EndPointIntel-ET04ProcessLaunchWithHash","5.1.1"
"Endpoint.Services",Endpoint,Services,"service,report",,"Splunk_SA_CIM","DS009EndPointIntel-ET07Service","5.1.1"
"Endpoint.Filesystem",Endpoint,Filesystem,"endpoint,filesystem",,"Splunk_SA_CIM","DS009EndPointIntel-ET01ObjectChange","5.1.1"
"Endpoint.Registry",Endpoint,Registry,"endpoint,registry",,"Splunk_SA_CIM","DS009EndPointIntel-ET01ObjectChange","5.1.1"
Endpoint,Endpoint,,"listening,port",,"Splunk_SA_CIM",,"5.1.1"
"Event_Signatures.Signatures","Event_Signatures",Signatures,"track_event_signatures",,"Splunk_SA_CIM",,"5.1.1"
"Event_Signatures","Event_Signatures",,"track_event_signatures",,"Splunk_SA_CIM",,"5.1.1"
"Identity_Management.All_Assets","Identity_Management","All_Assets",,,"SA-IdentityManagement","DS008HRMasterData-ET01Asset","6.6.0"
"Identity_Management.High_Critical_Assets","Identity_Management","High_Critical_Assets",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Expected_Assets","Identity_Management","Expected_Assets",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Should_Timesync_Assets","Identity_Management","Should_Timesync_Assets",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Should_Update_Assets","Identity_Management","Should_Update_Assets",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Requires_AV_Assets","Identity_Management","Requires_AV_Assets",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.All_Identities","Identity_Management","All_Identities",,,"SA-IdentityManagement","DS008HRMasterData-ET01Identity","6.6.0"
"Identity_Management.High_Critical_Identities","Identity_Management","High_Critical_Identities",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.New_Identities","Identity_Management","New_Identities",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Identities_Expiring_Soon","Identity_Management","Identities_Expiring_Soon",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Expired_Identities","Identity_Management","Expired_Identities",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Watchlisted_Identities","Identity_Management","Watchlisted_Identities",,,"SA-IdentityManagement",,"6.6.0"
"Identity_Management.Expired_Identity_Activity","Identity_Management","Expired_Identity_Activity",,,"SA-IdentityManagement","DS008HRMasterData-ET01ExpiredIdentity","6.6.0"
"Identity_Management","Identity_Management",,,,"SA-IdentityManagement","DS008HRMasterData-ET01Asset|DS008HRMasterData-ET01Identity|DS008HRMasterData-ET01Joined","6.6.0"
"Incident_Management.Notable_Events_Meta","Incident_Management","Notable_Events_Meta",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Notable_Events","Incident_Management","Notable_Events",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Suppressed_Notable_Events","Incident_Management","Suppressed_Notable_Events",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Incident_Review","Incident_Management","Incident_Review",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Correlation_Search_Lookups","Incident_Management","Correlation_Search_Lookups",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Correlation_Searches","Incident_Management","Correlation_Searches",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Notable_Owners","Incident_Management","Notable_Owners",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Review_Statuses","Incident_Management","Review_Statuses",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Security_Domains","Incident_Management","Security_Domains",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Urgencies","Incident_Management",Urgencies,,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Notable_Event_Suppressions","Incident_Management","Notable_Event_Suppressions",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Suppression_Audit","Incident_Management","Suppression_Audit",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Suppression_Audit_Expired","Incident_Management","Suppression_Audit_Expired",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management.Suppression_Eventtypes","Incident_Management","Suppression_Eventtypes",,,"SA-ThreatIntelligence",,"6.6.0"
"Incident_Management","Incident_Management",,,,"SA-ThreatIntelligence",,"6.6.0"
"Interprocess_Messaging.All_Messaging","Interprocess_Messaging","All_Messaging",messaging,,"Splunk_SA_CIM",,"5.1.1"
"Interprocess_Messaging","Interprocess_Messaging",,messaging,,"Splunk_SA_CIM",,"5.1.1"
"Intrusion_Detection.IDS_Attacks","Intrusion_Detection","IDS_Attacks","ids,attack",,"Splunk_SA_CIM","DS012NetworkIntrusionDetection-ET01SigDetection","5.1.1"
"Intrusion_Detection.Application_IDS_Attacks","Intrusion_Detection","Application_IDS_Attacks","ids,attack",,"Splunk_SA_CIM","DS026WebApplicationFW-ET01General","5.1.1"
"Intrusion_Detection.Host_IDS_Attacks","Intrusion_Detection","Host_IDS_Attacks","ids,attack",,"Splunk_SA_CIM","DS020HostIntrustionDetection-ET01SigDetected","5.1.1"
"Intrusion_Detection.Network_IDS_Attacks","Intrusion_Detection","Network_IDS_Attacks","ids,attack",,"Splunk_SA_CIM",,"5.1.1"
"Intrusion_Detection","Intrusion_Detection",,"ids,attack",,"Splunk_SA_CIM",,"5.1.1"
"JVM.JVM",JVM,JVM,jvm,,"Splunk_SA_CIM",,"5.1.1"
"JVM.Threading",JVM,Threading,"jvm,threading",,"Splunk_SA_CIM",,"5.1.1"
"JVM.Runtime",JVM,Runtime,"jvm,runtime",,"Splunk_SA_CIM",,"5.1.1"
"JVM.OS",JVM,OS,"jvm,os",,"Splunk_SA_CIM",,"5.1.1"
"JVM.Compilation",JVM,Compilation,"jvm,compilation",,"Splunk_SA_CIM",,"5.1.1"
"JVM.Classloading",JVM,Classloading,"jvm,classloading",,"Splunk_SA_CIM",,"5.1.1"
"JVM.Memory",JVM,Memory,"jvm,memory",,"Splunk_SA_CIM",,"5.1.1"
JVM,JVM,,jvm,,"Splunk_SA_CIM",,"5.1.1"
"Malware.Malware_Attacks",Malware,"Malware_Attacks","malware,attack",,"Splunk_SA_CIM","DS004EndPointAntiMalware-ET01SigDetected","5.1.1"
"Malware.Allowed_Malware",Malware,"Allowed_Malware","malware,attack",,"Splunk_SA_CIM",,"5.1.1"
"Malware.Blocked_Malware",Malware,"Blocked_Malware","malware,attack",,"Splunk_SA_CIM",,"5.1.1"
"Malware.Deferred_Malware",Malware,"Deferred_Malware","malware,attack",,"Splunk_SA_CIM",,"5.1.1"
"Malware.Malware_Operations",Malware,"Malware_Operations","malware,operations",,"Splunk_SA_CIM","DS004EndPointAntiMalware-ET02UpdatedSig|DS004EndPointAntiMalware-ET03UpdatedEng","5.1.1"
Malware,Malware,,"malware,attack",,"Splunk_SA_CIM","DS004EndPointAntiMalware-ET01SigDetected","5.1.1"
"Network_Resolution.DNS","Network_Resolution",DNS,"network,resolution,dns",,"Splunk_SA_CIM","DS002DNS-ET01Query|DS002DNS-ET01QueryRequest|DS002DNS-ET01QueryResponse","5.1.1"
"Network_Resolution","Network_Resolution",,"network,resolution,dns",,"Splunk_SA_CIM","DS002DNS-ET01Query|DS002DNS-ET01QueryRequest|DS002DNS-ET01QueryResponse","5.1.1"
"Network_Sessions.All_Sessions","Network_Sessions","All_Sessions","network,session",,"Splunk_SA_CIM",,"5.1.1"
"Network_Sessions.Session_Start","Network_Sessions","Session_Start","network,session,start",,"Splunk_SA_CIM",,"5.1.1"
"Network_Sessions.Session_End","Network_Sessions","Session_End","network,session,end",,"Splunk_SA_CIM",,"5.1.1"
"Network_Sessions.DHCP","Network_Sessions",DHCP,"network,session,dhcp",,"Splunk_SA_CIM","DS025IPAddressAssignment-ET01General","5.1.1"
"Network_Sessions.VPN","Network_Sessions",VPN,"network,session,vpn",,"Splunk_SA_CIM",,"5.1.1"
"Network_Sessions","Network_Sessions",,"network,session",,"Splunk_SA_CIM","DS025IPAddressAssignment-ET01General","5.1.1"
"Network_Traffic.All_Traffic","Network_Traffic","All_Traffic","network,communicate",,"Splunk_SA_CIM","DS010NetworkCommunication-ET01Traffic|DS010NetworkCommunication-ET01TrafficAppAware|DS010NetworkCommunication-ET03UserAware|DS031ApplicationLoadBalancer-ET01General|DS032DNSGlobalLoadBalancer-ET01General","5.1.1"
"Network_Traffic.Traffic_By_Action","Network_Traffic","Traffic_By_Action","network,communicate",,"Splunk_SA_CIM",,"5.1.1"
"Network_Traffic.Allowed_Traffic","Network_Traffic","Allowed_Traffic","network,communicate",,"Splunk_SA_CIM","DS010NetworkCommunication-ET01TrafficAllowed","5.1.1"
"Network_Traffic.Blocked_Traffic","Network_Traffic","Blocked_Traffic","network,communicate",,"Splunk_SA_CIM","DS010NetworkCommunication-ET01TrafficBlocked","5.1.1"
"Network_Traffic","Network_Traffic",,"network,communicate",,"Splunk_SA_CIM","DS010NetworkCommunication-ET01Traffic|DS010NetworkCommunication-ET01TrafficAppAware|DS010NetworkCommunication-ET03UserAware","5.1.1"
"Performance.All_Performance",Performance,"All_Performance",,,"Splunk_SA_CIM","DS022HostPerformance-ET01General","5.1.1"
"Performance.CPU",Performance,CPU,"performance,cpu",,"Splunk_SA_CIM",,"5.1.1"
"Performance.Facilities",Performance,Facilities,"performance,facilities",,"Splunk_SA_CIM",,"5.1.1"
"Performance.Memory",Performance,Memory,"performance,memory",,"Splunk_SA_CIM",,"5.1.1"
"Performance.Storage",Performance,Storage,"performance,storage",,"Splunk_SA_CIM",,"5.1.1"
"Performance.Network",Performance,Network,"performance,network",,"Splunk_SA_CIM",,"5.1.1"
"Performance.OS",Performance,OS,"performance,os",,"Splunk_SA_CIM",,"5.1.1"
"Performance.Timesync",Performance,Timesync,"performance,os,time,synchronize",,"Splunk_SA_CIM",,"5.1.1"
"Performance.Uptime",Performance,Uptime,"performance,os,uptime",,"Splunk_SA_CIM",,"5.1.1"
Performance,Performance,,,,"Splunk_SA_CIM","DS022HostPerformance-ET01General","5.1.1"
"Risk.All_Risk",Risk,"All_Risk",,,"SA-ThreatIntelligence","DS040RiskModifiers-ET01Risk","6.6.0"
Risk,Risk,,,,"SA-ThreatIntelligence","DS040RiskModifiers-ET01Risk","6.6.0"
"Splunk_Audit.Datamodel_Acceleration","Splunk_Audit","Datamodel_Acceleration",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Search_Activity","Splunk_Audit","Search_Activity",,,"Splunk_SA_CIM","VendorSpecific-SplunkSearchActivity","5.1.1"
"Splunk_Audit.Acceleration_Jobs","Splunk_Audit","Acceleration_Jobs",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Adhoc_Jobs","Splunk_Audit","Adhoc_Jobs",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Failed_Jobs","Splunk_Audit","Failed_Jobs",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Realtime_Jobs","Splunk_Audit","Realtime_Jobs",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Scheduled_Jobs","Splunk_Audit","Scheduled_Jobs",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Subsearch_Jobs","Splunk_Audit","Subsearch_Jobs",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Scheduler_Activity","Splunk_Audit","Scheduler_Activity",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.View_Activity","Splunk_Audit","View_Activity",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Web_Service_Errors","Splunk_Audit","Web_Service_Errors",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Modular_Actions","Splunk_Audit","Modular_Actions",modaction,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit.Modular_Action_Invocations","Splunk_Audit","Modular_Action_Invocations","modaction,invocation",,"Splunk_SA_CIM",,"5.1.1"
"Splunk_Audit","Splunk_Audit",,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Alerts","Splunk_CIM_Validation",Alerts,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Application_State","Splunk_CIM_Validation","Application_State",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Ports","Splunk_CIM_Validation","Missing_Extractions_Ports",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Processes","Splunk_CIM_Validation","Missing_Extractions_Processes",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Services","Splunk_CIM_Validation","Missing_Extractions_Services",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Authentication","Splunk_CIM_Validation",Authentication,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Authentication","Splunk_CIM_Validation","Missing_Extractions_Authentication",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Certificates","Splunk_CIM_Validation",Certificates,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Certificates","Splunk_CIM_Validation","Missing_Extractions_Certificates",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Change_Analysis","Splunk_CIM_Validation","Change_Analysis",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Account_Management","Splunk_CIM_Validation","Missing_Extractions_Account_Management",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Endpoint_Changes","Splunk_CIM_Validation","Missing_Extractions_Endpoint_Changes",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Filesystem_Changes","Splunk_CIM_Validation","Missing_Extractions_Filesystem_Changes",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Network_Changes","Splunk_CIM_Validation","Missing_Extractions_Network_Changes",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Restarts","Splunk_CIM_Validation","Missing_Extractions_Restarts",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Compute_Inventory","Splunk_CIM_Validation","Compute_Inventory",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_CPU","Splunk_CIM_Validation","Missing_Extractions_CPU",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Memory","Splunk_CIM_Validation","Missing_Extractions_Memory",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Network","Splunk_CIM_Validation","Missing_Extractions_Network",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Storage","Splunk_CIM_Validation","Missing_Extractions_Storage",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_OS","Splunk_CIM_Validation","Missing_Extractions_OS",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Databases","Splunk_CIM_Validation",Databases,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Email","Splunk_CIM_Validation",Email,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_All_Email","Splunk_CIM_Validation","Missing_Extractions_All_Email",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Interprocess_Messaging","Splunk_CIM_Validation","Interprocess_Messaging",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Intrusion_Detection","Splunk_CIM_Validation","Intrusion_Detection",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_IDS","Splunk_CIM_Validation","Missing_Extractions_IDS",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.JVM","Splunk_CIM_Validation",JVM,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Malware","Splunk_CIM_Validation",Malware,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Malware_Attacks","Splunk_CIM_Validation","Missing_Extractions_Malware_Attacks",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Malware_Operations","Splunk_CIM_Validation","Missing_Extractions_Malware_Operations",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Network_Resolution","Splunk_CIM_Validation","Network_Resolution",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_DNS","Splunk_CIM_Validation","Missing_Extractions_DNS",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Network_Sessions","Splunk_CIM_Validation","Network_Sessions",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Network_Sessions","Splunk_CIM_Validation","Missing_Extractions_Network_Sessions",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Network_Traffic","Splunk_CIM_Validation","Network_Traffic",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Network_Traffic","Splunk_CIM_Validation","Missing_Extractions_Network_Traffic",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Performance","Splunk_CIM_Validation",Performance,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_CPU","Splunk_CIM_Validation","Missing_Extractions_Perf_CPU",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_Facilities","Splunk_CIM_Validation","Missing_Extractions_Perf_Facilities",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_Memory","Splunk_CIM_Validation","Missing_Extractions_Perf_Memory",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_Storage","Splunk_CIM_Validation","Missing_Extractions_Perf_Storage",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_Network","Splunk_CIM_Validation","Missing_Extractions_Perf_Network",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_Timesync","Splunk_CIM_Validation","Missing_Extractions_Perf_Timesync",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Perf_Uptime","Splunk_CIM_Validation","Missing_Extractions_Perf_Uptime",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Splunk_Audit","Splunk_CIM_Validation","Splunk_Audit",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Ticket_Management","Splunk_CIM_Validation","Ticket_Management",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_All_Ticket_Managment","Splunk_CIM_Validation","Missing_Extractions_All_Ticket_Managment",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Incident","Splunk_CIM_Validation","Missing_Extractions_Incident",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Problem","Splunk_CIM_Validation","Missing_Extractions_Problem",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Change","Splunk_CIM_Validation","Missing_Extractions_Change",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Updates","Splunk_CIM_Validation",Updates,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Updates","Splunk_CIM_Validation","Missing_Extractions_Updates",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Vulnerabilities","Splunk_CIM_Validation",Vulnerabilities,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Vulnerabilities","Splunk_CIM_Validation","Missing_Extractions_Vulnerabilities",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Web","Splunk_CIM_Validation",Web,,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Missing_Extractions_Web","Splunk_CIM_Validation","Missing_Extractions_Web",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Events","Splunk_CIM_Validation","Untagged_Events",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Ports","Splunk_CIM_Validation","Untagged_Ports",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Processes","Splunk_CIM_Validation","Untagged_Processes",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Services","Splunk_CIM_Validation","Untagged_Services",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Authentication","Splunk_CIM_Validation","Untagged_Authentication",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Changes","Splunk_CIM_Validation","Untagged_Changes",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Email","Splunk_CIM_Validation","Untagged_Email",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_IDS","Splunk_CIM_Validation","Untagged_IDS",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Malware_Attacks","Splunk_CIM_Validation","Untagged_Malware_Attacks",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Network_Resolution","Splunk_CIM_Validation","Untagged_Network_Resolution",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Network_Sessions","Splunk_CIM_Validation","Untagged_Network_Sessions",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Network_Traffic","Splunk_CIM_Validation","Untagged_Network_Traffic",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Perf_CPU","Splunk_CIM_Validation","Untagged_Perf_CPU",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Facilities","Splunk_CIM_Validation","Untagged_Facilities",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Memory","Splunk_CIM_Validation","Untagged_Memory",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Storage","Splunk_CIM_Validation","Untagged_Storage",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Network","Splunk_CIM_Validation","Untagged_Network",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_OS","Splunk_CIM_Validation","Untagged_OS",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Updates","Splunk_CIM_Validation","Untagged_Updates",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Vulnerabilities","Splunk_CIM_Validation","Untagged_Vulnerabilities",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation.Untagged_Web","Splunk_CIM_Validation","Untagged_Web",,,"Splunk_SA_CIM",,"5.1.1"
"Splunk_CIM_Validation","Splunk_CIM_Validation",,,,"Splunk_SA_CIM",,"5.1.1"
"Threat_Intelligence.Threat_Activity","Threat_Intelligence","Threat_Activity",,,"DA-ESS-ThreatIntelligence","DS038ThreatIntel-ET01IOCDetected","6.6.0"
"Threat_Intelligence.Certificate_Intelligence","Threat_Intelligence","Certificate_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.Email_Intelligence","Threat_Intelligence","Email_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.File_Intelligence","Threat_Intelligence","File_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.HTTP_Intelligence","Threat_Intelligence","HTTP_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.IP_Intelligence","Threat_Intelligence","IP_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.Process_Intelligence","Threat_Intelligence","Process_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.Registry_Intelligence","Threat_Intelligence","Registry_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.Service_Intelligence","Threat_Intelligence","Service_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.Threat_Group_Intelligence","Threat_Intelligence","Threat_Group_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence.User_Intelligence","Threat_Intelligence","User_Intelligence",,,"DA-ESS-ThreatIntelligence",,"6.6.0"
"Threat_Intelligence","Threat_Intelligence",,,,"DA-ESS-ThreatIntelligence","DS038ThreatIntel-ET01IOCDetected","6.6.0"
"Ticket_Management.All_Ticket_Management","Ticket_Management","All_Ticket_Management",ticketing,,"Splunk_SA_CIM","DS013TicketManagement-ET01|DS013TicketManagement-ET02LowLevelEvents","5.1.1"
"Ticket_Management.Change","Ticket_Management",Change,"ticketing,change",,"Splunk_SA_CIM",,"5.1.1"
"Ticket_Management.Incident","Ticket_Management",Incident,"ticketing,incident",,"Splunk_SA_CIM",,"5.1.1"
"Ticket_Management.Problem","Ticket_Management",Problem,"ticketing,problem",,"Splunk_SA_CIM",,"5.1.1"
"Ticket_Management","Ticket_Management",,ticketing,,"Splunk_SA_CIM","DS013TicketManagement-ET01|DS013TicketManagement-ET02LowLevelEvents","5.1.1"
"Updates.Updates",Updates,Updates,"update,status",,"Splunk_SA_CIM",,"5.1.1"
"Updates.Available_Updates",Updates,"Available_Updates","update,status",,"Splunk_SA_CIM","DS019PatchManagement-Eligible","5.1.1"
"Updates.Installed_Updates",Updates,"Installed_Updates","update,status",,"Splunk_SA_CIM","DS019PatchManagement-Applied","5.1.1"
"Updates.Restart_Required_Updates",Updates,"Restart_Required_Updates","update,status",,"Splunk_SA_CIM","DS019PatchManagement-Applied","5.1.1"
"Updates.Update_Errors",Updates,"Update_Errors","update,error",,"Splunk_SA_CIM","DS019PatchManagement-Failed","5.1.1"
Updates,Updates,,"update,status",,"Splunk_SA_CIM","DS019PatchManagement-Applied","5.1.1"
"Vulnerabilities.Vulnerabilities",Vulnerabilities,Vulnerabilities,"vulnerability,report",,"Splunk_SA_CIM","DS018VulnerabilityDetection-ET01SigDetected","5.1.1"
"Vulnerabilities.High_Critical_Vulnerabilities",Vulnerabilities,"High_Critical_Vulnerabilities","vulnerability,report",,"Splunk_SA_CIM",,"5.1.1"
"Vulnerabilities.Medium_Vulnerabilities",Vulnerabilities,"Medium_Vulnerabilities","vulnerability,report",,"Splunk_SA_CIM",,"5.1.1"
"Vulnerabilities.Low_Informational_Vulnerabilities",Vulnerabilities,"Low_Informational_Vulnerabilities","vulnerability,report",,"Splunk_SA_CIM",,"5.1.1"
Vulnerabilities,Vulnerabilities,,"vulnerability,report",,"Splunk_SA_CIM","DS018VulnerabilityDetection-ET01SigDetected","5.1.1"
"Web.Web",Web,Web,web,,"Splunk_SA_CIM","DS005WebProxyRequest-ET01Requested|DS005WebProxyRequest-ET01RequestedWebAppAware","5.1.1"
"Web.Proxy",Web,Proxy,"web,proxy",,"Splunk_SA_CIM",,"5.1.1"
"Web.Storage",Web,Storage,"web,storage",,"Splunk_SA_CIM",,"5.1.1"
Web,Web,,web,,"Splunk_SA_CIM","DS005WebProxyRequest-ET01Requested|DS005WebProxyRequest-ET01RequestedWebAppAware|DS014WebServer-ET01Access","5.1.1"