Added splunk fwdtype and os details to the device inventory #584
@@ -209,7 +213,7 @@ require([ | |||
| eval _time=strftime(latest_time, "%F %T") | |||
| eval Select="CHECKBOX_THIS_".uuid | |||
| rename ips as ip, hostnames as hostname, mac_addresses as mac_address | |||
| table uuid, Select, _time, ip, hostname, mac_address, lansweeper_id, lansweeper_state, lansweeper_asset_type, lansweeper_os, lansweeper_user, lansweeper_description, qualys_id, QUALYS_OS, qualys_network_id, tenable_uuid, tenable_os, nessus_uuid, nessus_os, sophos_uuid, sophos_type, sophos_os, sophos_user, sophos_login_via, sophos_health, sophos_product_installed, crowdstrike_id,kaspersky_collected_by,kaspersky_version,kaspersky_host, kaspersky_status windows_defender_host | |||
| table uuid, Select, _time, ip, hostname, mac_address, lansweeper_id, lansweeper_state, lansweeper_asset_type, lansweeper_os, lansweeper_user, lansweeper_description, qualys_id, QUALYS_OS, qualys_network_id, tenable_uuid, tenable_os, nessus_uuid, nessus_os, sophos_uuid, sophos_type, sophos_os, sophos_user, sophos_login_via, sophos_health, sophos_product_installed, crowdstrike_id,kaspersky_collected_by,kaspersky_version,kaspersky_host, kaspersky_status, windows_defender_host, splunk_host, splunk_os, splunk_user, splunk_version, splunk_forwarder_type, splunk_server |
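Review bot: on the changed `| table` line, the comma added between `kaspersky_status` and `windows_defender_host` is a separate cleanup from the six new `splunk_*` columns and should be mentioned in the commit message, since nothing else on the PR describes it. In the same list, `splunk_host` sits alongside `hostname` (renamed from `hostnames` one line above), so check that it carries information `hostname` does not before adding a column for it. The spacing after commas is also inconsistent (`crowdstrike_id,kaspersky_collected_by,kaspersky_version,kaspersky_host` has none); normalising it while the line is being touched would make later diffs of this list easier to read.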
Do we need splunk_server?
What's the value for splunk_user? Is it a multi-valued field?
splunk_server is not very useful as we have hostname, hence removing it.
I forgot to remove splunk_user from here as no such info is available. I'll remove it.
@@ -239,12 +243,15 @@ definition = cyencesdevicemanager operation="getdevices" \ | |||
| eval kaspersky_status=kaspersky_status \ | |||
| eval tmp_kaspersky_status = kaspersky_status, kaspersky=case(tmp_kaspersky_status == "Present", 0, tmp_kaspersky_status == "Disabled", 1) \ | |||
| fieldformat kaspersky=tmp_kaspersky_status \ | |||
| eval splunk_status=case(isnull(splunk_last_event), "-", 1==1, splunk_forwarder_type) \ |
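Review bot: in the added `eval splunk_status=case(...)`, the default branch returns `splunk_forwarder_type` unchanged, so a device that has a `splunk_last_event` but no forwarder type ends up with a null `splunk_status` instead of "-"; wrapping the default as `coalesce(splunk_forwarder_type, "-")` closes that gap. The Kaspersky lines just above pair a `tmp_` copy with a numeric `case` and a `fieldformat`; if the Splunk column is meant to behave like the other product columns, it should follow the same pattern. `true()` also reads more clearly than `1==1` as the default condition.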
The word splunk_status is misleading, as one would expect it to have an up/down status.
Instead we can say splunk_type, maybe.
Shall we add this as a separate table to show all the Splunk related fields?
Sure, will add it the same as the other product tables, to show/hide when it's related to Splunk.
No description provided.