Hello everyone,
There is extensive documentation on what fields need to exist in order for a data source to fit into a certain CIM data model, but as far as I know everyone is reinventing the wheel in terms of finding which common sources/apps **can** fit the data model but do not because of some reason.
For example, I am ingesting Windows logs and I'm running ES. I open up the "Alerts" data model and go to the pivot, split rows by sourcetype, choose a good, representative range (7 days for me) and I get a nice list of all my sourcetypes that are working with this data model, i.e. the ones that are CIM compliant for this data model.
I do not, however, have any easy method of looking at what sources could work with it, but do not.
I was wondering if anyone knew if some sort of list existed that did so? Or perhaps an efficient way of finding it? Alerts was just an example, ideally it'd be for every data model.
If not, I plan to put together a Google Doc that does just this and will happily share it once it becomes something worth looking at.
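One way to produce the "could fit but does not" list the post is asking for, added here as an example and not taken from the original post: compare every sourcetype seen in the chosen window against the sourcetypes that already populate the Alerts data model, and keep the ones that never reach it. It assumes the Alerts model is accelerated (or at least queryable with tstats) and uses the same 7-day window as the pivot; swap `datamodel=Alerts` for any other model name to repeat the check per data model.

```spl
| tstats count WHERE index=* earliest=-7d BY sourcetype
| eval in_model="no"
| append
    [| tstats count FROM datamodel=Alerts WHERE earliest=-7d BY sourcetype
     | eval in_model="yes"]
| stats sum(count) AS events, max(in_model) AS in_model BY sourcetype
| where in_model="no"
| sort - events
```

The result is every sourcetype with events in the window that contributes nothing to the model, ordered by volume so the biggest gaps come first; for a candidate from that list, `index=* sourcetype=<candidate> NOT tag=alert | fieldsummary maxvals=3` shows which model fields are already extracted, which tells you whether the fix is just a missing eventtype/tag or a real field-extraction gap.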