Source types for the Splunk Add-on for Juniper
The Splunk Add-on for Juniper collects the following types of events:
- Risks
- Authentication
- Alerts
- Traffic
The add-on includes the following source types and event types, which map the Juniper data to the Splunk Common Information Model (CIM):
Sourcetype | Event type | CIM data models |
---|---|---|
netscreen:firewall | netscreen_firewall | n/a |
netscreen:firewall | netscreen_firewall_communicate | Network Traffic |
netscreen:firewall | netscreen_firewall_translation_mac_to_ip | n/a |
netscreen:firewall | netscreen_authentication | Authentication |
netscreen:firewall | netscreen_authentication_default | Authentication - Default_Authentication |
netscreen:firewall | netscreen_authentication_privileged | Authentication - Privileged_Authentication |
netscreen:firewall | netscreen_firewall_modify_policy | Change |
netscreen:firewall | netscreen_restart | n/a |
netscreen:firewall | netscreen_alert | Alerts |
juniper:junos:idp | juniper_junos_idp | n/a |
juniper:junos:idp | juniper_junos_idp_attack | Intrusion Detection |
juniper:junos:idp:structured | juniper_junos_idp | n/a |
juniper:junos:idp:structured | juniper_junos_idp_attack | Intrusion Detection |
juniper:junos:firewall | juniper_junos_firewall | Network Traffic |
juniper:junos:firewall | juniper_junos_firewall_utm_attack | Intrusion Detection |
juniper:junos:firewall | juniper_junos_firewall_web | Web |
juniper:junos:firewall:structured | juniper_junos_firewall | Network Traffic |
juniper:junos:firewall:structured | juniper_junos_firewall_utm_attack | Intrusion Detection |
juniper:junos:firewall:structured | juniper_junos_firewall_utm_web | Web |
juniper:junos:aamw:structured | juniper_junos_aamw | Intrusion Detection |
juniper:junos:secintel:structured | juniper_junos_secintel | Intrusion Detection |
juniper:junos:snmp | juniper_junos_change_network | Change - Network_Changes |