1 - Open Network Detection & Response (NDR)
To onboard such an appliance to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| label | value |
|---|---|
| vendor | corelight |
| product | ndr-platform |
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype, source, and index settings:
| sourcetype | index |
|---|---|
| corelight_alerts | main |
| corelight_conn | main |
| corelight_corelight | main |
| corelight_corelight_metrics_bro | main |
| corelight_corelight_metrics_iface | main |
| corelight_dhcp | main |
| corelight_dpd | main |
| corelight_etc_viz | main |
| corelight_evt_all | main |
| corelight_evt_http | main |
| corelight_evt_suri | main |
| corelight_files | main |
| corelight_ftp | main |
| corelight_http | main |
| corelight_http_red | main |
| corelight_idx | main |
| corelight_irc | main |
| corelight_kerberos | main |
| corelight_metrics_bro | main |
| corelight_metrics_iface | main |
| corelight_rdp | main |
| corelight_smb | main |
| corelight_smb_files | main |
| corelight_socks | main |
| corelight_ssh | main |
| corelight_ssh_red | main |
| corelight_ssl | main |
| corelight_st_base | main |
| corelight_suri | main |
| corelight_suricata_corelight | main |
| corelight_x509 | main |