This add-on provides field extractions and CIM compatibility for the Bluecoat ProxySG Console logs. Splunk users with Bluecoat proxies can use this to feed into Enterprise Security events relating to Authentication and Change Analysis for the proxy itself. This add-on does not support the proxy access logs already supported by the Splunk-built Bluecoat TA.
June 14, 2017
The TA-bluecoat_console allows a Splunk® Enterprise administrator to get field extractions for the console and system messages of the proxy, supplying data to both the Authentication and Change Analysis datamodels.
If you're looking for something different than the typical "one-size-fits-all" security mentality, you've come to the right place.