Can anybody point me to a document that shows how to import data sources into SIEM. I have exported the data sources and can see the exiting data sources after opening the CSV in Notepad++.
Some of the questions I have are -
1. Do I have to reimport the existing data sources back or can I just import the new data sources ?
2. What is the "linked_ipsid" column for ?
1. No this make no sense, Yes with limitations
2. this is the id for the Datasource you want to add.
You must type an add in the first column "op" for each line, elsewise the data source wouldn't import by the siem.
1. Export one Domaincontroler
2. Open the csv withe notepad ++
3. type in an add in the op column
4. Change the given name
5. Change nothing else
6. Repeate the steps 3 to 5 for more data source
I typically export everything, copy the CSV file and rename it, then add the new lines and import the whole thing. Only the lines with "add" will be inserted.
Key things to remember:
The first column "op" is where you tell it "add" "edit" or "remove"
The second column"rec_id", on the new data sources, change the field type to Text, and go to your Receiver's Properties, then to the "Name & Description" page - the long number has to copied and pasted in to the second field.
Fill out the rest of the information as needed depending on the type of Data Source being imported.
Save the CSV file, then close the CSV and say No when it asks you to save it again.
Import your list.
Look in your Product Guide Documentation, or the Help for the details, search for "spreadsheet fields for importing data sources" - the documentation will also show you which fields are required for all data sources, and then breakdowns for different data source types.
Thanks rth67, I have downloaded the document and are reviewing the "spreadsheet fields for importing data sources", lots of helpful information. Thanks again, you have saved me a lot of time.