You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35 KiB
35 KiB
| 1 | datamodel | modelName | nodeName | tags | _timediff | app | data_source_category | version |
|---|---|---|---|---|---|---|---|---|
| 2 | Alerts.Alerts | Alerts | Alerts | alert | Splunk_SA_CIM | DS020HostIntrustionDetection-ET01SigDetected | 5.1.1 | |
| 3 | Alerts | Alerts | alert | Splunk_SA_CIM | DS020HostIntrustionDetection-ET01SigDetected | 5.1.1 | ||
| 4 | Application_State.All_Application_State | Application_State | All_Application_State | Splunk_SA_CIM | 5.1.1 | |||
| 5 | Application_State.Ports | Application_State | Ports | listening,port | Splunk_SA_CIM | 5.1.1 | ||
| 6 | Application_State.Processes | Application_State | Processes | process,report | Splunk_SA_CIM | 5.1.1 | ||
| 7 | Application_State.Services | Application_State | Services | service,report | Splunk_SA_CIM | 5.1.1 | ||
| 8 | Application_State | Application_State | Splunk_SA_CIM | 5.1.1 | ||||
| 9 | Authentication.Authentication | Authentication | Authentication | authentication | Splunk_SA_CIM | DS003Authentication-ET01Success|DS003Authentication-ET01SuccessDefault|DS003Authentication-ET01SuccessInsecure|DS003Authentication-ET02Failure|DS003Authentication-ET02FailureBadFactor|DS003Authentication-ET02FailureError|DS003Authentication-ET02FailureUnknownAccount | 5.1.1 | |
| 10 | Authentication.Failed_Authentication | Authentication | Failed_Authentication | authentication | Splunk_SA_CIM | DS003Authentication-ET02Failure | 5.1.1 | |
| 11 | Authentication.Successful_Authentication | Authentication | Successful_Authentication | authentication | Splunk_SA_CIM | DS003Authentication-ET01Success | 5.1.1 | |
| 12 | Authentication.Default_Authentication | Authentication | Default_Authentication | authentication,default | Splunk_SA_CIM | 5.1.1 | ||
| 13 | Authentication.Failed_Default_Authentication | Authentication | Failed_Default_Authentication | authentication,default | Splunk_SA_CIM | 5.1.1 | ||
| 14 | Authentication.Successful_Default_Authentication | Authentication | Successful_Default_Authentication | authentication,default | Splunk_SA_CIM | DS003Authentication-ET01SuccessDefault | 5.1.1 | |
| 15 | Authentication.Insecure_Authentication | Authentication | Insecure_Authentication | authentication,insecure | Splunk_SA_CIM | DS003Authentication-ET01SuccessInsecure | 5.1.1 | |
| 16 | Authentication.Privileged_Authentication | Authentication | Privileged_Authentication | authentication,privileged | Splunk_SA_CIM | 5.1.1 | ||
| 17 | Authentication.Failed_Privileged_Authentication | Authentication | Failed_Privileged_Authentication | authentication,privileged | Splunk_SA_CIM | 5.1.1 | ||
| 18 | Authentication.Successful_Privileged_Authentication | Authentication | Successful_Privileged_Authentication | authentication,privileged | Splunk_SA_CIM | 5.1.1 | ||
| 19 | Authentication | Authentication | authentication | Splunk_SA_CIM | DS003Authentication-ET01Success|DS003Authentication-ET01SuccessDefault|DS003Authentication-ET01SuccessInsecure|DS003Authentication-ET02Failure|DS003Authentication-ET02FailureBadFactor|DS003Authentication-ET02FailureError|DS003Authentication-ET02FailureUnknownAccount | 5.1.1 | ||
| 20 | Certificates.All_Certificates | Certificates | All_Certificates | certificate | Splunk_SA_CIM | DS041Certificates-ET01All | 5.1.1 | |
| 21 | Certificates.SSL | Certificates | SSL | certificate,ssl | Splunk_SA_CIM | 5.1.1 | ||
| 22 | Certificates | Certificates | certificate | Splunk_SA_CIM | DS041Certificates-ET01All | 5.1.1 | ||
| 23 | Change.All_Changes | Change | All_Changes | change | Splunk_SA_CIM | DS037Change-ET01Change|DS037Change-ET02ChangeAccount|DS037Change-ET02ChangeAuditing|DS037Change-ET02ChangeNetwork | 5.1.1 | |
| 24 | Change.Auditing_Changes | Change | Auditing_Changes | change,audit | Splunk_SA_CIM | DS037Change-ET02ChangeAuditing | 5.1.1 | |
| 25 | Change.Endpoint_Changes | Change | Endpoint_Changes | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 26 | Change.Endpoint_Restarts | Change | Endpoint_Restarts | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 27 | Change.Other_Endpoint_Changes | Change | Other_Endpoint_Changes | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 28 | Change.Network_Changes | Change | Network_Changes | change,network | Splunk_SA_CIM | DS010NetworkCommunication-ET02State|DS037Change-ET02ChangeNetwork | 5.1.1 | |
| 29 | Change.Device_Restarts | Change | Device_Restarts | change,network | Splunk_SA_CIM | 5.1.1 | ||
| 30 | Change.Account_Management | Change | Account_Management | change,account | Splunk_SA_CIM | DS037Change-ET02ChangeAccount | 5.1.1 | |
| 31 | Change.Accounts_Created | Change | Accounts_Created | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 32 | Change.Accounts_Deleted | Change | Accounts_Deleted | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 33 | Change.Account_Lockouts | Change | Account_Lockouts | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 34 | Change.Accounts_Updated | Change | Accounts_Updated | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 35 | Change.Instance_Changes | Change | Instance_Changes | change,instance | Splunk_SA_CIM | 5.1.1 | ||
| 36 | Change | Change | change | Splunk_SA_CIM | DS037Change-ET01Change|DS037Change-ET02ChangeAccount|DS037Change-ET02ChangeAuditing|DS037Change-ET02ChangeNetwork | 5.1.1 | ||
| 37 | Change_Analysis.All_Changes | Change_Analysis | All_Changes | change | Splunk_SA_CIM | 5.1.1 | ||
| 38 | Change_Analysis.Auditing_Changes | Change_Analysis | Auditing_Changes | change,audit | Splunk_SA_CIM | 5.1.1 | ||
| 39 | Change_Analysis.Endpoint_Changes | Change_Analysis | Endpoint_Changes | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 40 | Change_Analysis.Filesystem_Changes | Change_Analysis | Filesystem_Changes | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 41 | Change_Analysis.Registry_Changes | Change_Analysis | Registry_Changes | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 42 | Change_Analysis.Endpoint_Restarts | Change_Analysis | Endpoint_Restarts | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 43 | Change_Analysis.Other_Endpoint_Changes | Change_Analysis | Other_Endpoint_Changes | change,endpoint | Splunk_SA_CIM | 5.1.1 | ||
| 44 | Change_Analysis.Network_Changes | Change_Analysis | Network_Changes | change,network | Splunk_SA_CIM | 5.1.1 | ||
| 45 | Change_Analysis.Device_Restarts | Change_Analysis | Device_Restarts | change,network | Splunk_SA_CIM | 5.1.1 | ||
| 46 | Change_Analysis.Account_Management | Change_Analysis | Account_Management | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 47 | Change_Analysis.Accounts_Created | Change_Analysis | Accounts_Created | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 48 | Change_Analysis.Accounts_Deleted | Change_Analysis | Accounts_Deleted | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 49 | Change_Analysis.Account_Lockouts | Change_Analysis | Account_Lockouts | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 50 | Change_Analysis.Accounts_Updated | Change_Analysis | Accounts_Updated | change,account | Splunk_SA_CIM | 5.1.1 | ||
| 51 | Change_Analysis | Change_Analysis | change | Splunk_SA_CIM | DS009EndPointIntel-ET05ObjectChangeRemovableStorage | 5.1.1 | ||
| 52 | Cloud_Infrastructure.Compute | Cloud_Infrastructure | Compute | cloud,compute,infrastructure | cloud-datamodel-security-research | DS036CloudInfrastructure-ET01Compute | 1.1 | |
| 53 | Cloud_Infrastructure.Storage | Cloud_Infrastructure | Storage | cloud,storage,infrastructure | cloud-datamodel-security-research | DS036CloudInfrastructure-ET02Storage | 1.1 | |
| 54 | Cloud_Infrastructure.Traffic | Cloud_Infrastructure | Traffic | cloud,network,traffic,infrastructure | cloud-datamodel-security-research | DS036CloudInfrastructure-ET03Traffic | 1.1 | |
| 55 | Cloud_Infrastructure.Authentication | Cloud_Infrastructure | Authentication | cloud,authentication,infrastructure | cloud-datamodel-security-research | DS036CloudInfrastructure-ET04Authentication | 1.1 | |
| 56 | Cloud_Infrastructure | Cloud_Infrastructure | cloud,compute,infrastructure | cloud-datamodel-security-research | 1.1 | |||
| 57 | Compute_Inventory.All_Inventory | Compute_Inventory | All_Inventory | Splunk_SA_CIM | DS039ComputeInventory-ET01Inventory | 5.1.1 | ||
| 58 | Compute_Inventory.CPU | Compute_Inventory | CPU | inventory,cpu | Splunk_SA_CIM | 5.1.1 | ||
| 59 | Compute_Inventory.Memory | Compute_Inventory | Memory | inventory,memory | Splunk_SA_CIM | 5.1.1 | ||
| 60 | Compute_Inventory.Network | Compute_Inventory | Network | inventory,network | Splunk_SA_CIM | 5.1.1 | ||
| 61 | Compute_Inventory.Storage | Compute_Inventory | Storage | inventory,storage | Splunk_SA_CIM | 5.1.1 | ||
| 62 | Compute_Inventory.OS | Compute_Inventory | OS | inventory,system,version | Splunk_SA_CIM | 5.1.1 | ||
| 63 | Compute_Inventory.User | Compute_Inventory | User | inventory,user | Splunk_SA_CIM | 5.1.1 | ||
| 64 | Compute_Inventory.Cleartext_Passwords | Compute_Inventory | Cleartext_Passwords | inventory,user | Splunk_SA_CIM | DS039ComputeInventory-ET01InventoryCleartext_Passwords | 5.1.1 | |
| 65 | Compute_Inventory.Default_Accounts | Compute_Inventory | Default_Accounts | inventory,user,default | Splunk_SA_CIM | DS039ComputeInventory-ET01InventoryDefaultUser | 5.1.1 | |
| 66 | Compute_Inventory.Virtual_OS | Compute_Inventory | Virtual_OS | inventory,virtual | Splunk_SA_CIM | 5.1.1 | ||
| 67 | Compute_Inventory.Snapshot | Compute_Inventory | Snapshot | inventory,virtual,snapshot | Splunk_SA_CIM | 5.1.1 | ||
| 68 | Compute_Inventory.Tools | Compute_Inventory | Tools | inventory,virtual,tools | Splunk_SA_CIM | 5.1.1 | ||
| 69 | Compute_Inventory | Compute_Inventory | Splunk_SA_CIM | DS039ComputeInventory-ET01Inventory | 5.1.1 | |||
| 70 | DLP.DLP_Incidents | DLP | DLP_Incidents | dlp,incident | Splunk_SA_CIM | DS016DataLossPrevention-ET01Violation | 5.1.1 | |
| 71 | DLP | DLP | dlp,incident | Splunk_SA_CIM | DS016DataLossPrevention-ET01Violation | 5.1.1 | ||
| 72 | Data_Access.Data_Access | Data_Access | Data_Access | data,access | Splunk_SA_CIM | 5.1.1 | ||
| 73 | Data_Access | Data_Access | data,access | Splunk_SA_CIM | 5.1.1 | |||
| 74 | Databases.All_Databases | Databases | All_Databases | database | Splunk_SA_CIM | DS029DatabaseServer-ET01General | 5.1.1 | |
| 75 | Databases.Database_Instance | Databases | Database_Instance | database,instance | Splunk_SA_CIM | 5.1.1 | ||
| 76 | Databases.Instance_Stats | Databases | Instance_Stats | database,instance,stats | Splunk_SA_CIM | 5.1.1 | ||
| 77 | Databases.Session_Info | Databases | Session_Info | database,instance,session | Splunk_SA_CIM | 5.1.1 | ||
| 78 | Databases.Lock_Info | Databases | Lock_Info | database,instance,lock | Splunk_SA_CIM | 5.1.1 | ||
| 79 | Databases.Database_Query | Databases | Database_Query | database,query | Splunk_SA_CIM | 5.1.1 | ||
| 80 | Databases.Tablespace | Databases | Tablespace | database,query,tablespace | Splunk_SA_CIM | 5.1.1 | ||
| 81 | Databases.Query_Stats | Databases | Query_Stats | database,query,stats | Splunk_SA_CIM | 5.1.1 | ||
| 82 | Databases | Databases | database | Splunk_SA_CIM | 5.1.1 | |||
| 83 | Domain_Analysis.All_Domains | Domain_Analysis | All_Domains | SA-NetworkProtection | 6.6.0 | |||
| 84 | Domain_Analysis.Missing_Extractions_All_Domains | Domain_Analysis | Missing_Extractions_All_Domains | SA-NetworkProtection | 6.6.0 | |||
| 85 | Domain_Analysis | Domain_Analysis | SA-NetworkProtection | 6.6.0 | ||||
| 86 | Email.All_Email | All_Email | Splunk_SA_CIM | DS001MAIL-ET01Access|DS001MAIL-ET02Receive|DS001MAIL-ET03Send | 5.1.1 | |||
| 87 | Email.Delivery | Delivery | email,delivery | Splunk_SA_CIM | 5.1.1 | |||
| 88 | Email.Content | Content | email,content | Splunk_SA_CIM | 5.1.1 | |||
| 89 | Email.Filtering | Filtering | email,filter | Splunk_SA_CIM | 5.1.1 | |||
| 90 | Splunk_SA_CIM | DS001MAIL-ET01Access|DS001MAIL-ET02Receive|DS001MAIL-ET03Send | 5.1.1 | |||||
| 91 | Endpoint.Ports | Endpoint | Ports | listening,port | Splunk_SA_CIM | DS009EndPointIntel-ET06ListeningPorts | 5.1.1 | |
| 92 | Endpoint.Processes | Endpoint | Processes | process,report | Splunk_SA_CIM | DS009EndPointIntel-ET01ProcessLaunch|DS009EndPointIntel-ET03ProcessLaunchwithCLI|DS009EndPointIntel-ET04ProcessLaunchWithHash | 5.1.1 | |
| 93 | Endpoint.Services | Endpoint | Services | service,report | Splunk_SA_CIM | DS009EndPointIntel-ET07Service | 5.1.1 | |
| 94 | Endpoint.Filesystem | Endpoint | Filesystem | endpoint,filesystem | Splunk_SA_CIM | DS009EndPointIntel-ET01ObjectChange | 5.1.1 | |
| 95 | Endpoint.Registry | Endpoint | Registry | endpoint,registry | Splunk_SA_CIM | DS009EndPointIntel-ET01ObjectChange | 5.1.1 | |
| 96 | Endpoint | Endpoint | listening,port | Splunk_SA_CIM | 5.1.1 | |||
| 97 | Event_Signatures.Signatures | Event_Signatures | Signatures | track_event_signatures | Splunk_SA_CIM | 5.1.1 | ||
| 98 | Event_Signatures | Event_Signatures | track_event_signatures | Splunk_SA_CIM | 5.1.1 | |||
| 99 | Identity_Management.All_Assets | Identity_Management | All_Assets | SA-IdentityManagement | DS008HRMasterData-ET01Asset | 6.6.0 | ||
| 100 | Identity_Management.High_Critical_Assets | Identity_Management | High_Critical_Assets | SA-IdentityManagement | 6.6.0 | |||
| 101 | Identity_Management.Expected_Assets | Identity_Management | Expected_Assets | SA-IdentityManagement | 6.6.0 | |||
| 102 | Identity_Management.Should_Timesync_Assets | Identity_Management | Should_Timesync_Assets | SA-IdentityManagement | 6.6.0 | |||
| 103 | Identity_Management.Should_Update_Assets | Identity_Management | Should_Update_Assets | SA-IdentityManagement | 6.6.0 | |||
| 104 | Identity_Management.Requires_AV_Assets | Identity_Management | Requires_AV_Assets | SA-IdentityManagement | 6.6.0 | |||
| 105 | Identity_Management.All_Identities | Identity_Management | All_Identities | SA-IdentityManagement | DS008HRMasterData-ET01Identity | 6.6.0 | ||
| 106 | Identity_Management.High_Critical_Identities | Identity_Management | High_Critical_Identities | SA-IdentityManagement | 6.6.0 | |||
| 107 | Identity_Management.New_Identities | Identity_Management | New_Identities | SA-IdentityManagement | 6.6.0 | |||
| 108 | Identity_Management.Identities_Expiring_Soon | Identity_Management | Identities_Expiring_Soon | SA-IdentityManagement | 6.6.0 | |||
| 109 | Identity_Management.Expired_Identities | Identity_Management | Expired_Identities | SA-IdentityManagement | 6.6.0 | |||
| 110 | Identity_Management.Watchlisted_Identities | Identity_Management | Watchlisted_Identities | SA-IdentityManagement | 6.6.0 | |||
| 111 | Identity_Management.Expired_Identity_Activity | Identity_Management | Expired_Identity_Activity | SA-IdentityManagement | DS008HRMasterData-ET01ExpiredIdentity | 6.6.0 | ||
| 112 | Identity_Management | Identity_Management | SA-IdentityManagement | DS008HRMasterData-ET01Asset|DS008HRMasterData-ET01Identity|DS008HRMasterData-ET01Joined | 6.6.0 | |||
| 113 | Incident_Management.Notable_Events_Meta | Incident_Management | Notable_Events_Meta | SA-ThreatIntelligence | 6.6.0 | |||
| 114 | Incident_Management.Notable_Events | Incident_Management | Notable_Events | SA-ThreatIntelligence | 6.6.0 | |||
| 115 | Incident_Management.Suppressed_Notable_Events | Incident_Management | Suppressed_Notable_Events | SA-ThreatIntelligence | 6.6.0 | |||
| 116 | Incident_Management.Incident_Review | Incident_Management | Incident_Review | SA-ThreatIntelligence | 6.6.0 | |||
| 117 | Incident_Management.Correlation_Search_Lookups | Incident_Management | Correlation_Search_Lookups | SA-ThreatIntelligence | 6.6.0 | |||
| 118 | Incident_Management.Correlation_Searches | Incident_Management | Correlation_Searches | SA-ThreatIntelligence | 6.6.0 | |||
| 119 | Incident_Management.Notable_Owners | Incident_Management | Notable_Owners | SA-ThreatIntelligence | 6.6.0 | |||
| 120 | Incident_Management.Review_Statuses | Incident_Management | Review_Statuses | SA-ThreatIntelligence | 6.6.0 | |||
| 121 | Incident_Management.Security_Domains | Incident_Management | Security_Domains | SA-ThreatIntelligence | 6.6.0 | |||
| 122 | Incident_Management.Urgencies | Incident_Management | Urgencies | SA-ThreatIntelligence | 6.6.0 | |||
| 123 | Incident_Management.Notable_Event_Suppressions | Incident_Management | Notable_Event_Suppressions | SA-ThreatIntelligence | 6.6.0 | |||
| 124 | Incident_Management.Suppression_Audit | Incident_Management | Suppression_Audit | SA-ThreatIntelligence | 6.6.0 | |||
| 125 | Incident_Management.Suppression_Audit_Expired | Incident_Management | Suppression_Audit_Expired | SA-ThreatIntelligence | 6.6.0 | |||
| 126 | Incident_Management.Suppression_Eventtypes | Incident_Management | Suppression_Eventtypes | SA-ThreatIntelligence | 6.6.0 | |||
| 127 | Incident_Management | Incident_Management | SA-ThreatIntelligence | 6.6.0 | ||||
| 128 | Interprocess_Messaging.All_Messaging | Interprocess_Messaging | All_Messaging | messaging | Splunk_SA_CIM | 5.1.1 | ||
| 129 | Interprocess_Messaging | Interprocess_Messaging | messaging | Splunk_SA_CIM | 5.1.1 | |||
| 130 | Intrusion_Detection.IDS_Attacks | Intrusion_Detection | IDS_Attacks | ids,attack | Splunk_SA_CIM | DS012NetworkIntrusionDetection-ET01SigDetection | 5.1.1 | |
| 131 | Intrusion_Detection.Application_IDS_Attacks | Intrusion_Detection | Application_IDS_Attacks | ids,attack | Splunk_SA_CIM | DS026WebApplicationFW-ET01General | 5.1.1 | |
| 132 | Intrusion_Detection.Host_IDS_Attacks | Intrusion_Detection | Host_IDS_Attacks | ids,attack | Splunk_SA_CIM | DS020HostIntrustionDetection-ET01SigDetected | 5.1.1 | |
| 133 | Intrusion_Detection.Network_IDS_Attacks | Intrusion_Detection | Network_IDS_Attacks | ids,attack | Splunk_SA_CIM | 5.1.1 | ||
| 134 | Intrusion_Detection | Intrusion_Detection | ids,attack | Splunk_SA_CIM | 5.1.1 | |||
| 135 | JVM.JVM | JVM | JVM | jvm | Splunk_SA_CIM | 5.1.1 | ||
| 136 | JVM.Threading | JVM | Threading | jvm,threading | Splunk_SA_CIM | 5.1.1 | ||
| 137 | JVM.Runtime | JVM | Runtime | jvm,runtime | Splunk_SA_CIM | 5.1.1 | ||
| 138 | JVM.OS | JVM | OS | jvm,os | Splunk_SA_CIM | 5.1.1 | ||
| 139 | JVM.Compilation | JVM | Compilation | jvm,compilation | Splunk_SA_CIM | 5.1.1 | ||
| 140 | JVM.Classloading | JVM | Classloading | jvm,classloading | Splunk_SA_CIM | 5.1.1 | ||
| 141 | JVM.Memory | JVM | Memory | jvm,memory | Splunk_SA_CIM | 5.1.1 | ||
| 142 | JVM | JVM | jvm | Splunk_SA_CIM | 5.1.1 | |||
| 143 | Malware.Malware_Attacks | Malware | Malware_Attacks | malware,attack | Splunk_SA_CIM | DS004EndPointAntiMalware-ET01SigDetected | 5.1.1 | |
| 144 | Malware.Allowed_Malware | Malware | Allowed_Malware | malware,attack | Splunk_SA_CIM | 5.1.1 | ||
| 145 | Malware.Blocked_Malware | Malware | Blocked_Malware | malware,attack | Splunk_SA_CIM | 5.1.1 | ||
| 146 | Malware.Deferred_Malware | Malware | Deferred_Malware | malware,attack | Splunk_SA_CIM | 5.1.1 | ||
| 147 | Malware.Malware_Operations | Malware | Malware_Operations | malware,operations | Splunk_SA_CIM | DS004EndPointAntiMalware-ET02UpdatedSig|DS004EndPointAntiMalware-ET03UpdatedEng | 5.1.1 | |
| 148 | Malware | Malware | malware,attack | Splunk_SA_CIM | DS004EndPointAntiMalware-ET01SigDetected | 5.1.1 | ||
| 149 | Network_Resolution.DNS | Network_Resolution | DNS | network,resolution,dns | Splunk_SA_CIM | DS002DNS-ET01Query|DS002DNS-ET01QueryRequest|DS002DNS-ET01QueryResponse | 5.1.1 | |
| 150 | Network_Resolution | Network_Resolution | network,resolution,dns | Splunk_SA_CIM | DS002DNS-ET01Query|DS002DNS-ET01QueryRequest|DS002DNS-ET01QueryResponse | 5.1.1 | ||
| 151 | Network_Sessions.All_Sessions | Network_Sessions | All_Sessions | network,session | Splunk_SA_CIM | 5.1.1 | ||
| 152 | Network_Sessions.Session_Start | Network_Sessions | Session_Start | network,session,start | Splunk_SA_CIM | 5.1.1 | ||
| 153 | Network_Sessions.Session_End | Network_Sessions | Session_End | network,session,end | Splunk_SA_CIM | 5.1.1 | ||
| 154 | Network_Sessions.DHCP | Network_Sessions | DHCP | network,session,dhcp | Splunk_SA_CIM | DS025IPAddressAssignment-ET01General | 5.1.1 | |
| 155 | Network_Sessions.VPN | Network_Sessions | VPN | network,session,vpn | Splunk_SA_CIM | 5.1.1 | ||
| 156 | Network_Sessions | Network_Sessions | network,session | Splunk_SA_CIM | DS025IPAddressAssignment-ET01General | 5.1.1 | ||
| 157 | Network_Traffic.All_Traffic | Network_Traffic | All_Traffic | network,communicate | Splunk_SA_CIM | DS010NetworkCommunication-ET01Traffic|DS010NetworkCommunication-ET01TrafficAppAware|DS010NetworkCommunication-ET03UserAware|DS031ApplicationLoadBalancer-ET01General|DS032DNSGlobalLoadBalancer-ET01General | 5.1.1 | |
| 158 | Network_Traffic.Traffic_By_Action | Network_Traffic | Traffic_By_Action | network,communicate | Splunk_SA_CIM | 5.1.1 | ||
| 159 | Network_Traffic.Allowed_Traffic | Network_Traffic | Allowed_Traffic | network,communicate | Splunk_SA_CIM | DS010NetworkCommunication-ET01TrafficAllowed | 5.1.1 | |
| 160 | Network_Traffic.Blocked_Traffic | Network_Traffic | Blocked_Traffic | network,communicate | Splunk_SA_CIM | DS010NetworkCommunication-ET01TrafficBlocked | 5.1.1 | |
| 161 | Network_Traffic | Network_Traffic | network,communicate | Splunk_SA_CIM | DS010NetworkCommunication-ET01Traffic|DS010NetworkCommunication-ET01TrafficAppAware|DS010NetworkCommunication-ET03UserAware | 5.1.1 | ||
| 162 | Performance.All_Performance | Performance | All_Performance | Splunk_SA_CIM | DS022HostPerformance-ET01General | 5.1.1 | ||
| 163 | Performance.CPU | Performance | CPU | performance,cpu | Splunk_SA_CIM | 5.1.1 | ||
| 164 | Performance.Facilities | Performance | Facilities | performance,facilities | Splunk_SA_CIM | 5.1.1 | ||
| 165 | Performance.Memory | Performance | Memory | performance,memory | Splunk_SA_CIM | 5.1.1 | ||
| 166 | Performance.Storage | Performance | Storage | performance,storage | Splunk_SA_CIM | 5.1.1 | ||
| 167 | Performance.Network | Performance | Network | performance,network | Splunk_SA_CIM | 5.1.1 | ||
| 168 | Performance.OS | Performance | OS | performance,os | Splunk_SA_CIM | 5.1.1 | ||
| 169 | Performance.Timesync | Performance | Timesync | performance,os,time,synchronize | Splunk_SA_CIM | 5.1.1 | ||
| 170 | Performance.Uptime | Performance | Uptime | performance,os,uptime | Splunk_SA_CIM | 5.1.1 | ||
| 171 | Performance | Performance | Splunk_SA_CIM | DS022HostPerformance-ET01General | 5.1.1 | |||
| 172 | Risk.All_Risk | Risk | All_Risk | SA-ThreatIntelligence | DS040RiskModifiers-ET01Risk | 6.6.0 | ||
| 173 | Risk | Risk | SA-ThreatIntelligence | DS040RiskModifiers-ET01Risk | 6.6.0 | |||
| 174 | Splunk_Audit.Datamodel_Acceleration | Splunk_Audit | Datamodel_Acceleration | Splunk_SA_CIM | 5.1.1 | |||
| 175 | Splunk_Audit.Search_Activity | Splunk_Audit | Search_Activity | Splunk_SA_CIM | VendorSpecific-SplunkSearchActivity | 5.1.1 | ||
| 176 | Splunk_Audit.Acceleration_Jobs | Splunk_Audit | Acceleration_Jobs | Splunk_SA_CIM | 5.1.1 | |||
| 177 | Splunk_Audit.Adhoc_Jobs | Splunk_Audit | Adhoc_Jobs | Splunk_SA_CIM | 5.1.1 | |||
| 178 | Splunk_Audit.Failed_Jobs | Splunk_Audit | Failed_Jobs | Splunk_SA_CIM | 5.1.1 | |||
| 179 | Splunk_Audit.Realtime_Jobs | Splunk_Audit | Realtime_Jobs | Splunk_SA_CIM | 5.1.1 | |||
| 180 | Splunk_Audit.Scheduled_Jobs | Splunk_Audit | Scheduled_Jobs | Splunk_SA_CIM | 5.1.1 | |||
| 181 | Splunk_Audit.Subsearch_Jobs | Splunk_Audit | Subsearch_Jobs | Splunk_SA_CIM | 5.1.1 | |||
| 182 | Splunk_Audit.Scheduler_Activity | Splunk_Audit | Scheduler_Activity | Splunk_SA_CIM | 5.1.1 | |||
| 183 | Splunk_Audit.View_Activity | Splunk_Audit | View_Activity | Splunk_SA_CIM | 5.1.1 | |||
| 184 | Splunk_Audit.Web_Service_Errors | Splunk_Audit | Web_Service_Errors | Splunk_SA_CIM | 5.1.1 | |||
| 185 | Splunk_Audit.Modular_Actions | Splunk_Audit | Modular_Actions | modaction | Splunk_SA_CIM | 5.1.1 | ||
| 186 | Splunk_Audit.Modular_Action_Invocations | Splunk_Audit | Modular_Action_Invocations | modaction,invocation | Splunk_SA_CIM | 5.1.1 | ||
| 187 | Splunk_Audit | Splunk_Audit | Splunk_SA_CIM | 5.1.1 | ||||
| 188 | Splunk_CIM_Validation.Alerts | Splunk_CIM_Validation | Alerts | Splunk_SA_CIM | 5.1.1 | |||
| 189 | Splunk_CIM_Validation.Application_State | Splunk_CIM_Validation | Application_State | Splunk_SA_CIM | 5.1.1 | |||
| 190 | Splunk_CIM_Validation.Missing_Extractions_Ports | Splunk_CIM_Validation | Missing_Extractions_Ports | Splunk_SA_CIM | 5.1.1 | |||
| 191 | Splunk_CIM_Validation.Missing_Extractions_Processes | Splunk_CIM_Validation | Missing_Extractions_Processes | Splunk_SA_CIM | 5.1.1 | |||
| 192 | Splunk_CIM_Validation.Missing_Extractions_Services | Splunk_CIM_Validation | Missing_Extractions_Services | Splunk_SA_CIM | 5.1.1 | |||
| 193 | Splunk_CIM_Validation.Authentication | Splunk_CIM_Validation | Authentication | Splunk_SA_CIM | 5.1.1 | |||
| 194 | Splunk_CIM_Validation.Missing_Extractions_Authentication | Splunk_CIM_Validation | Missing_Extractions_Authentication | Splunk_SA_CIM | 5.1.1 | |||
| 195 | Splunk_CIM_Validation.Certificates | Splunk_CIM_Validation | Certificates | Splunk_SA_CIM | 5.1.1 | |||
| 196 | Splunk_CIM_Validation.Missing_Extractions_Certificates | Splunk_CIM_Validation | Missing_Extractions_Certificates | Splunk_SA_CIM | 5.1.1 | |||
| 197 | Splunk_CIM_Validation.Change_Analysis | Splunk_CIM_Validation | Change_Analysis | Splunk_SA_CIM | 5.1.1 | |||
| 198 | Splunk_CIM_Validation.Missing_Extractions_Account_Management | Splunk_CIM_Validation | Missing_Extractions_Account_Management | Splunk_SA_CIM | 5.1.1 | |||
| 199 | Splunk_CIM_Validation.Missing_Extractions_Endpoint_Changes | Splunk_CIM_Validation | Missing_Extractions_Endpoint_Changes | Splunk_SA_CIM | 5.1.1 | |||
| 200 | Splunk_CIM_Validation.Missing_Extractions_Filesystem_Changes | Splunk_CIM_Validation | Missing_Extractions_Filesystem_Changes | Splunk_SA_CIM | 5.1.1 | |||
| 201 | Splunk_CIM_Validation.Missing_Extractions_Network_Changes | Splunk_CIM_Validation | Missing_Extractions_Network_Changes | Splunk_SA_CIM | 5.1.1 | |||
| 202 | Splunk_CIM_Validation.Missing_Extractions_Restarts | Splunk_CIM_Validation | Missing_Extractions_Restarts | Splunk_SA_CIM | 5.1.1 | |||
| 203 | Splunk_CIM_Validation.Compute_Inventory | Splunk_CIM_Validation | Compute_Inventory | Splunk_SA_CIM | 5.1.1 | |||
| 204 | Splunk_CIM_Validation.Missing_Extractions_CPU | Splunk_CIM_Validation | Missing_Extractions_CPU | Splunk_SA_CIM | 5.1.1 | |||
| 205 | Splunk_CIM_Validation.Missing_Extractions_Memory | Splunk_CIM_Validation | Missing_Extractions_Memory | Splunk_SA_CIM | 5.1.1 | |||
| 206 | Splunk_CIM_Validation.Missing_Extractions_Network | Splunk_CIM_Validation | Missing_Extractions_Network | Splunk_SA_CIM | 5.1.1 | |||
| 207 | Splunk_CIM_Validation.Missing_Extractions_Storage | Splunk_CIM_Validation | Missing_Extractions_Storage | Splunk_SA_CIM | 5.1.1 | |||
| 208 | Splunk_CIM_Validation.Missing_Extractions_OS | Splunk_CIM_Validation | Missing_Extractions_OS | Splunk_SA_CIM | 5.1.1 | |||
| 209 | Splunk_CIM_Validation.Databases | Splunk_CIM_Validation | Databases | Splunk_SA_CIM | 5.1.1 | |||
| 210 | Splunk_CIM_Validation.Email | Splunk_CIM_Validation | Splunk_SA_CIM | 5.1.1 | ||||
| 211 | Splunk_CIM_Validation.Missing_Extractions_All_Email | Splunk_CIM_Validation | Missing_Extractions_All_Email | Splunk_SA_CIM | 5.1.1 | |||
| 212 | Splunk_CIM_Validation.Interprocess_Messaging | Splunk_CIM_Validation | Interprocess_Messaging | Splunk_SA_CIM | 5.1.1 | |||
| 213 | Splunk_CIM_Validation.Intrusion_Detection | Splunk_CIM_Validation | Intrusion_Detection | Splunk_SA_CIM | 5.1.1 | |||
| 214 | Splunk_CIM_Validation.Missing_Extractions_IDS | Splunk_CIM_Validation | Missing_Extractions_IDS | Splunk_SA_CIM | 5.1.1 | |||
| 215 | Splunk_CIM_Validation.JVM | Splunk_CIM_Validation | JVM | Splunk_SA_CIM | 5.1.1 | |||
| 216 | Splunk_CIM_Validation.Malware | Splunk_CIM_Validation | Malware | Splunk_SA_CIM | 5.1.1 | |||
| 217 | Splunk_CIM_Validation.Missing_Extractions_Malware_Attacks | Splunk_CIM_Validation | Missing_Extractions_Malware_Attacks | Splunk_SA_CIM | 5.1.1 | |||
| 218 | Splunk_CIM_Validation.Missing_Extractions_Malware_Operations | Splunk_CIM_Validation | Missing_Extractions_Malware_Operations | Splunk_SA_CIM | 5.1.1 | |||
| 219 | Splunk_CIM_Validation.Network_Resolution | Splunk_CIM_Validation | Network_Resolution | Splunk_SA_CIM | 5.1.1 | |||
| 220 | Splunk_CIM_Validation.Missing_Extractions_DNS | Splunk_CIM_Validation | Missing_Extractions_DNS | Splunk_SA_CIM | 5.1.1 | |||
| 221 | Splunk_CIM_Validation.Network_Sessions | Splunk_CIM_Validation | Network_Sessions | Splunk_SA_CIM | 5.1.1 | |||
| 222 | Splunk_CIM_Validation.Missing_Extractions_Network_Sessions | Splunk_CIM_Validation | Missing_Extractions_Network_Sessions | Splunk_SA_CIM | 5.1.1 | |||
| 223 | Splunk_CIM_Validation.Network_Traffic | Splunk_CIM_Validation | Network_Traffic | Splunk_SA_CIM | 5.1.1 | |||
| 224 | Splunk_CIM_Validation.Missing_Extractions_Network_Traffic | Splunk_CIM_Validation | Missing_Extractions_Network_Traffic | Splunk_SA_CIM | 5.1.1 | |||
| 225 | Splunk_CIM_Validation.Performance | Splunk_CIM_Validation | Performance | Splunk_SA_CIM | 5.1.1 | |||
| 226 | Splunk_CIM_Validation.Missing_Extractions_Perf_CPU | Splunk_CIM_Validation | Missing_Extractions_Perf_CPU | Splunk_SA_CIM | 5.1.1 | |||
| 227 | Splunk_CIM_Validation.Missing_Extractions_Perf_Facilities | Splunk_CIM_Validation | Missing_Extractions_Perf_Facilities | Splunk_SA_CIM | 5.1.1 | |||
| 228 | Splunk_CIM_Validation.Missing_Extractions_Perf_Memory | Splunk_CIM_Validation | Missing_Extractions_Perf_Memory | Splunk_SA_CIM | 5.1.1 | |||
| 229 | Splunk_CIM_Validation.Missing_Extractions_Perf_Storage | Splunk_CIM_Validation | Missing_Extractions_Perf_Storage | Splunk_SA_CIM | 5.1.1 | |||
| 230 | Splunk_CIM_Validation.Missing_Extractions_Perf_Network | Splunk_CIM_Validation | Missing_Extractions_Perf_Network | Splunk_SA_CIM | 5.1.1 | |||
| 231 | Splunk_CIM_Validation.Missing_Extractions_Perf_Timesync | Splunk_CIM_Validation | Missing_Extractions_Perf_Timesync | Splunk_SA_CIM | 5.1.1 | |||
| 232 | Splunk_CIM_Validation.Missing_Extractions_Perf_Uptime | Splunk_CIM_Validation | Missing_Extractions_Perf_Uptime | Splunk_SA_CIM | 5.1.1 | |||
| 233 | Splunk_CIM_Validation.Splunk_Audit | Splunk_CIM_Validation | Splunk_Audit | Splunk_SA_CIM | 5.1.1 | |||
| 234 | Splunk_CIM_Validation.Ticket_Management | Splunk_CIM_Validation | Ticket_Management | Splunk_SA_CIM | 5.1.1 | |||
| 235 | Splunk_CIM_Validation.Missing_Extractions_All_Ticket_Managment | Splunk_CIM_Validation | Missing_Extractions_All_Ticket_Managment | Splunk_SA_CIM | 5.1.1 | |||
| 236 | Splunk_CIM_Validation.Missing_Extractions_Incident | Splunk_CIM_Validation | Missing_Extractions_Incident | Splunk_SA_CIM | 5.1.1 | |||
| 237 | Splunk_CIM_Validation.Missing_Extractions_Problem | Splunk_CIM_Validation | Missing_Extractions_Problem | Splunk_SA_CIM | 5.1.1 | |||
| 238 | Splunk_CIM_Validation.Missing_Extractions_Change | Splunk_CIM_Validation | Missing_Extractions_Change | Splunk_SA_CIM | 5.1.1 | |||
| 239 | Splunk_CIM_Validation.Updates | Splunk_CIM_Validation | Updates | Splunk_SA_CIM | 5.1.1 | |||
| 240 | Splunk_CIM_Validation.Missing_Extractions_Updates | Splunk_CIM_Validation | Missing_Extractions_Updates | Splunk_SA_CIM | 5.1.1 | |||
| 241 | Splunk_CIM_Validation.Vulnerabilities | Splunk_CIM_Validation | Vulnerabilities | Splunk_SA_CIM | 5.1.1 | |||
| 242 | Splunk_CIM_Validation.Missing_Extractions_Vulnerabilities | Splunk_CIM_Validation | Missing_Extractions_Vulnerabilities | Splunk_SA_CIM | 5.1.1 | |||
| 243 | Splunk_CIM_Validation.Web | Splunk_CIM_Validation | Web | Splunk_SA_CIM | 5.1.1 | |||
| 244 | Splunk_CIM_Validation.Missing_Extractions_Web | Splunk_CIM_Validation | Missing_Extractions_Web | Splunk_SA_CIM | 5.1.1 | |||
| 245 | Splunk_CIM_Validation.Untagged_Events | Splunk_CIM_Validation | Untagged_Events | Splunk_SA_CIM | 5.1.1 | |||
| 246 | Splunk_CIM_Validation.Untagged_Ports | Splunk_CIM_Validation | Untagged_Ports | Splunk_SA_CIM | 5.1.1 | |||
| 247 | Splunk_CIM_Validation.Untagged_Processes | Splunk_CIM_Validation | Untagged_Processes | Splunk_SA_CIM | 5.1.1 | |||
| 248 | Splunk_CIM_Validation.Untagged_Services | Splunk_CIM_Validation | Untagged_Services | Splunk_SA_CIM | 5.1.1 | |||
| 249 | Splunk_CIM_Validation.Untagged_Authentication | Splunk_CIM_Validation | Untagged_Authentication | Splunk_SA_CIM | 5.1.1 | |||
| 250 | Splunk_CIM_Validation.Untagged_Changes | Splunk_CIM_Validation | Untagged_Changes | Splunk_SA_CIM | 5.1.1 | |||
| 251 | Splunk_CIM_Validation.Untagged_Email | Splunk_CIM_Validation | Untagged_Email | Splunk_SA_CIM | 5.1.1 | |||
| 252 | Splunk_CIM_Validation.Untagged_IDS | Splunk_CIM_Validation | Untagged_IDS | Splunk_SA_CIM | 5.1.1 | |||
| 253 | Splunk_CIM_Validation.Untagged_Malware_Attacks | Splunk_CIM_Validation | Untagged_Malware_Attacks | Splunk_SA_CIM | 5.1.1 | |||
| 254 | Splunk_CIM_Validation.Untagged_Network_Resolution | Splunk_CIM_Validation | Untagged_Network_Resolution | Splunk_SA_CIM | 5.1.1 | |||
| 255 | Splunk_CIM_Validation.Untagged_Network_Sessions | Splunk_CIM_Validation | Untagged_Network_Sessions | Splunk_SA_CIM | 5.1.1 | |||
| 256 | Splunk_CIM_Validation.Untagged_Network_Traffic | Splunk_CIM_Validation | Untagged_Network_Traffic | Splunk_SA_CIM | 5.1.1 | |||
| 257 | Splunk_CIM_Validation.Untagged_Perf_CPU | Splunk_CIM_Validation | Untagged_Perf_CPU | Splunk_SA_CIM | 5.1.1 | |||
| 258 | Splunk_CIM_Validation.Untagged_Facilities | Splunk_CIM_Validation | Untagged_Facilities | Splunk_SA_CIM | 5.1.1 | |||
| 259 | Splunk_CIM_Validation.Untagged_Memory | Splunk_CIM_Validation | Untagged_Memory | Splunk_SA_CIM | 5.1.1 | |||
| 260 | Splunk_CIM_Validation.Untagged_Storage | Splunk_CIM_Validation | Untagged_Storage | Splunk_SA_CIM | 5.1.1 | |||
| 261 | Splunk_CIM_Validation.Untagged_Network | Splunk_CIM_Validation | Untagged_Network | Splunk_SA_CIM | 5.1.1 | |||
| 262 | Splunk_CIM_Validation.Untagged_OS | Splunk_CIM_Validation | Untagged_OS | Splunk_SA_CIM | 5.1.1 | |||
| 263 | Splunk_CIM_Validation.Untagged_Updates | Splunk_CIM_Validation | Untagged_Updates | Splunk_SA_CIM | 5.1.1 | |||
| 264 | Splunk_CIM_Validation.Untagged_Vulnerabilities | Splunk_CIM_Validation | Untagged_Vulnerabilities | Splunk_SA_CIM | 5.1.1 | |||
| 265 | Splunk_CIM_Validation.Untagged_Web | Splunk_CIM_Validation | Untagged_Web | Splunk_SA_CIM | 5.1.1 | |||
| 266 | Splunk_CIM_Validation | Splunk_CIM_Validation | Splunk_SA_CIM | 5.1.1 | ||||
| 267 | Threat_Intelligence.Threat_Activity | Threat_Intelligence | Threat_Activity | DA-ESS-ThreatIntelligence | DS038ThreatIntel-ET01IOCDetected | 6.6.0 | ||
| 268 | Threat_Intelligence.Certificate_Intelligence | Threat_Intelligence | Certificate_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 269 | Threat_Intelligence.Email_Intelligence | Threat_Intelligence | Email_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 270 | Threat_Intelligence.File_Intelligence | Threat_Intelligence | File_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 271 | Threat_Intelligence.HTTP_Intelligence | Threat_Intelligence | HTTP_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 272 | Threat_Intelligence.IP_Intelligence | Threat_Intelligence | IP_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 273 | Threat_Intelligence.Process_Intelligence | Threat_Intelligence | Process_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 274 | Threat_Intelligence.Registry_Intelligence | Threat_Intelligence | Registry_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 275 | Threat_Intelligence.Service_Intelligence | Threat_Intelligence | Service_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 276 | Threat_Intelligence.Threat_Group_Intelligence | Threat_Intelligence | Threat_Group_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 277 | Threat_Intelligence.User_Intelligence | Threat_Intelligence | User_Intelligence | DA-ESS-ThreatIntelligence | 6.6.0 | |||
| 278 | Threat_Intelligence | Threat_Intelligence | DA-ESS-ThreatIntelligence | DS038ThreatIntel-ET01IOCDetected | 6.6.0 | |||
| 279 | Ticket_Management.All_Ticket_Management | Ticket_Management | All_Ticket_Management | ticketing | Splunk_SA_CIM | DS013TicketManagement-ET01|DS013TicketManagement-ET02LowLevelEvents | 5.1.1 | |
| 280 | Ticket_Management.Change | Ticket_Management | Change | ticketing,change | Splunk_SA_CIM | 5.1.1 | ||
| 281 | Ticket_Management.Incident | Ticket_Management | Incident | ticketing,incident | Splunk_SA_CIM | 5.1.1 | ||
| 282 | Ticket_Management.Problem | Ticket_Management | Problem | ticketing,problem | Splunk_SA_CIM | 5.1.1 | ||
| 283 | Ticket_Management | Ticket_Management | ticketing | Splunk_SA_CIM | DS013TicketManagement-ET01|DS013TicketManagement-ET02LowLevelEvents | 5.1.1 | ||
| 284 | Updates.Updates | Updates | Updates | update,status | Splunk_SA_CIM | 5.1.1 | ||
| 285 | Updates.Available_Updates | Updates | Available_Updates | update,status | Splunk_SA_CIM | DS019PatchManagement-Eligible | 5.1.1 | |
| 286 | Updates.Installed_Updates | Updates | Installed_Updates | update,status | Splunk_SA_CIM | DS019PatchManagement-Applied | 5.1.1 | |
| 287 | Updates.Restart_Required_Updates | Updates | Restart_Required_Updates | update,status | Splunk_SA_CIM | DS019PatchManagement-Applied | 5.1.1 | |
| 288 | Updates.Update_Errors | Updates | Update_Errors | update,error | Splunk_SA_CIM | DS019PatchManagement-Failed | 5.1.1 | |
| 289 | Updates | Updates | update,status | Splunk_SA_CIM | DS019PatchManagement-Applied | 5.1.1 | ||
| 290 | Vulnerabilities.Vulnerabilities | Vulnerabilities | Vulnerabilities | vulnerability,report | Splunk_SA_CIM | DS018VulnerabilityDetection-ET01SigDetected | 5.1.1 | |
| 291 | Vulnerabilities.High_Critical_Vulnerabilities | Vulnerabilities | High_Critical_Vulnerabilities | vulnerability,report | Splunk_SA_CIM | 5.1.1 | ||
| 292 | Vulnerabilities.Medium_Vulnerabilities | Vulnerabilities | Medium_Vulnerabilities | vulnerability,report | Splunk_SA_CIM | 5.1.1 | ||
| 293 | Vulnerabilities.Low_Informational_Vulnerabilities | Vulnerabilities | Low_Informational_Vulnerabilities | vulnerability,report | Splunk_SA_CIM | 5.1.1 | ||
| 294 | Vulnerabilities | Vulnerabilities | vulnerability,report | Splunk_SA_CIM | DS018VulnerabilityDetection-ET01SigDetected | 5.1.1 | ||
| 295 | Web.Web | Web | Web | web | Splunk_SA_CIM | DS005WebProxyRequest-ET01Requested|DS005WebProxyRequest-ET01RequestedWebAppAware | 5.1.1 | |
| 296 | Web.Proxy | Web | Proxy | web,proxy | Splunk_SA_CIM | 5.1.1 | ||
| 297 | Web.Storage | Web | Storage | web,storage | Splunk_SA_CIM | 5.1.1 | ||
| 298 | Web | Web | web | Splunk_SA_CIM | DS005WebProxyRequest-ET01Requested|DS005WebProxyRequest-ET01RequestedWebAppAware|DS014WebServer-ET01Access | 5.1.1 |