Splunk connector: Support of "url-domain" splunk CIM field for STIX2.1 "domain-name" pattern #1741
Comments
I'd need to see an example to know for sure, but chances are that it would make sense. Can you provide a sanitized example that can be used as a reference?
Something like that? It's an example of a Squid log ingested with the CIM Web/Proxy Splunk model.
When I have a chance I'll take a look and see if it will work. As long as it's in the format that gets returned from the API it should work. Mostly looking to ensure that when the change is made we have a way to verify that it works.
Hello @DerekRushton: Do you have any news regarding this issue?
I do not. At the moment this project is in a bit of a hiatus as we try to find a new maintainer. My main priority has shifted away from STIX-Shifter and I do not have the time to look into it.
Thanks for your feedback @DerekRushton
When converting a STIX pattern into a Splunk query, it appears that the STIX pattern "domain-name" is not associated with the "url_domain" field present in the Web CIM Splunk model.
Does it make sense to you to add this field support?