CIM Compliance Check

As a part of Data Inventory introspection, Splunk Security Essentials checks your data against a series of Common Information Model checks. This dashboard will show you the results.

  1. The Common Information Model (CIM) Compliance Check dashboard is intended to check to see if your data aligns to Splunk’s CIM. This is a common set of fields that can be shared across products, allowing you to know that a field like src_ip will bring back results regardless of what the original data looks like.
  2. You will see a list of the products that you’ve configured in Splunk Security Essentials broken out by data source category (e.g., Successful Authentication), and the CIM compliance status of each key field for that DSC.
  3. If you expand the row, you’ll also be able to see the actual values returned when searching that data.
  4. This dashboard builds on the Data Inventory introspection, so if you haven’t configured that yet, make sure to visit that page.