Avanan has released an update to our Splunk app. This new version introduces support for Splunk's Common Information Model (CIM).
CIM is provided by Splunk to help normalize data from various sources by adding tags. Avanan's security events are now mapped to multiple CIM models, including emails, DLP, and malware.
The new data structure allows admins to better investigate security incidents and provide the needed action to mitigate threats.
The new version is also officially certified for Splunk Cloud deployments, in addition to the Splunk Enterprise Platform.
It also makes use of source types, which are now assigned to every event type sent to Splunk.