Hi,
I'm looking for the best way to adapt the CEF events that Splunk receives from various vendors to Splunk's TAs.
For example: I have Websense Web Filter and Symantec Endpoint Protection.
Splunk provides TAs for those products with CIM-compatible knowledge.
I'm limited to receiving events from those products in CEF format.
I want to customize Splunk TAs
https://splunkbase.splunk.com/app/2966/
https://splunkbase.splunk.com/app/2772/
with input from CEF.
What is the best way to do it?