The Avanan Splunk Application now supports Splunk's Common Information Model (CIM), and makes use of event source types.
Avanan has released an update to our Splunk App, version 1.01. The new version introduces support for the latest CIM versions. Splunk provides CIM to normalize data from different sources by adding standard tags. Avanan Security Events are now mapped to multiple CIM data models, including Emails, DLP Incidents, and Malware attacks.
The Avanan email security event structure is now richer: it includes much more data on the email and on the security engines' detection information, similar to the email entity page on the Avanan Portal. The new data structure makes it easier to investigate security incidents and take the action needed to mitigate the threats.
The new App version is now officially certified for Splunk Cloud deployments, in addition to the Splunk Enterprise platform.
In addition, the new App version now makes use of Source Types. A source type is now assigned to every event type sent to Splunk.
Avanan's Splunk App is available on Splunkbase.