Author | Mikael Bjerkeland |
---|---|
App Version | 1.0.1 |
Vendor Products | Microsoft Forefront Threat Management Gateway 2010 |
Has index-time operations | True |
Create an index | False |
Implements summarization | False |
The Add-on for Microsoft Forefront Threat Management Gateway allows a Splunk® Enterprise administrator to extract and filter event information from the Microsoft Forefront Threat Management Gateway. The app sets the correct sourcetype and adds fields required for CIM compliance. The app includes inputs that allow you to monitor Forefront TMG log files on your Forwarders.
No scripts or binaries are included.
Version 1.0.1 of the Add-on for Microsoft Forefront Threat Management Gateway is compatible with:
Splunk Enterprise versions | 6.x |
---|---|
CIM | 4.3, 4.2, 4.1, 4.0 |
Platforms | Platform independent |
Vendor Products | Microsoft Forefront Threat Management Gateway 2010 and Microsoft Internet Security and Acceleration Server (ISA Server) |
Lookup file changes | Added microsoft_forefront_tmg_actions.csv |
Add-on for Microsoft Forefront Threat Management Gateway includes the following new features:
Version 1.0.1 of the Add-on for Microsoft Forefront Threat Management Gateway fixes the following issues:
Version 1.0.1 of the Add-on for Microsoft Forefront Threat Management Gateway has the following known issues:
Version 1.0.1 of the Add-on for Microsoft Forefront Threat Management Gateway incorporates the following third-party software or libraries.
This app is community supported on a best-effort basis. If you need professional support billed by the hour, please contact the author.
Add-on for Microsoft Forefront Threat Management Gateway supports the following server platforms in the versions supported by Splunk Enterprise:
To function properly, Add-on for Microsoft Forefront Threat Management Gateway requires the following software:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download the Add-on for Microsoft Forefront Threat Management Gateway at https://apps.splunk.com/app/3011/.
To install and configure this app on your supported platform, follow these steps:
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Install to search head
Install to indexers
Install to forwarders
This app must be installed on a Splunk Universal Forwarder running on a Microsoft Windows host with access to the Forefront TMG W3C files.
You may need to tune the logging parameters of your Microsoft Forefront Threat Management Gateway server. For instructions, consult the official product documentation.
Follow the same steps as Install to search head.
Follow the same steps as Install to search head.
Unknown
This app provides search-time and index-time knowledge for the following types of data from Microsoft Forefront Threat Management Gateway:
Search-time
These data types support the following Common Information Model data models:
Source Type | CIM Data Models |
---|---|
microsoft:forefront:tmg:proxy | Web |
microsoft:forefront:tmg:fw | Network Traffic |
The Add-on for Microsoft Forefront Threat Management Gateway contains 1 lookup file.
microsoft_forefront_tmg_actions.csv
Maps a vendor action to a CIM compliant action.
Fixed issues
Version 1.0.2 of the Add-on for Microsoft Forefront Threat Management Gateway fixes the following issues:
Documentation best practices
Fixed issues
Version 1.0.1 of the Add-on for Microsoft Forefront Threat Management Gateway fixes the following issues:
Documentation best practices