This TA for Splunk provides field extractions for ESET Remote Administrator logs and maps them to the CIM Malware data model.
ESET Remote Administrator TA for Splunk: field extractions and CIM mapping
- Install this TA from Splunkbase or manually on your search heads (the extractions are search-time), and on whichever instance will receive the ESET Remote Administrator syslog feed
- Configure a network port input (TCP or UDP) under Settings > Data Inputs on that instance, and point the ESET Remote Administrator syslog export at it
- Enjoy your data!
We recommend keeping this data separate: create a dedicated index for this TA and send the input to it.
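As an added example (not configuration shipped with this TA), these are the two stanzas the dedicated index and the listening port from the steps above need. The index name eset_era, the port 5514 and the sourcetype eset:era are assumptions; use the sourcetype this TA actually defines.

```ini
# indexes.conf (on the indexer or standalone instance)
# Dedicated index so ERA events are kept apart from other data.
# Name is an assumption for this example.
[eset_era]
homePath   = $SPLUNK_DB/eset_era/db
coldPath   = $SPLUNK_DB/eset_era/colddb
thawedPath = $SPLUNK_DB/eset_era/thaweddb

# inputs.conf (on the instance that receives the ERA syslog feed)
# Port and sourcetype are assumptions; use [udp://5514] if ERA exports over UDP.
[tcp://5514]
sourcetype = eset:era
index = eset_era
connection_host = ip
```

Restart Splunk (or reload the inputs) after adding the stanzas, then confirm events arrive with `index=eset_era sourcetype=eset:era | head 10` before checking the CIM fields.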
- Initial release
- Data model mapping: Malware -> Blocked_Malware (the action=blocked branch of Malware_Attacks)
- Known issue: some events have timestamp parsing problems
- The ERA actions "cleaned by deleting", "connection terminated" and "deleted" are normalized to action="blocked" so the events map correctly into the CIM Malware data model
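An illustrative props.conf, eventtypes.conf and tags.conf showing how this kind of action normalization is usually expressed in a Splunk TA. This is an added example, not the TA's own configuration: the sourcetype name eset:era and the raw field name era_action are assumptions, and the TA's real stanzas and field names may differ.

```ini
# props.conf (search-time, on the search head)
# Map the raw ERA outcome to the CIM "action" value.
# Assumption: the TA extracts the raw outcome into a field named era_action.
# Anything not in the list becomes "unknown" rather than a non-CIM value.
[eset:era]
EVAL-action = case(match(era_action, "(?i)^(cleaned by deleting|connection terminated|deleted)$"), "blocked", true(), "unknown")

# eventtypes.conf
# Eventtype covering the ERA events (sourcetype name assumed); a real TA
# would narrow this to the threat events only.
[eset_era_malware]
search = sourcetype=eset:era

# tags.conf
# tag=malware tag=attack is the Malware_Attacks constraint in the CIM
# Malware data model; action=blocked then selects the Blocked_Malware child.
[eventtype=eset_era_malware]
malware = enabled
attack = enabled
```

To check the result once data is flowing, run `tag=malware tag=attack sourcetype=eset:era | stats count by action`: the three ERA outcomes above should all appear under blocked, and anything under unknown is a raw value the EVAL does not yet cover.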