Activate integration with Splunk Enterprise Security in Splunk Asset and Risk Intelligence
Splunk Asset and Risk Intelligence can integrate with Splunk Enterprise Security to add asset context to notable events. With an active integration, Splunk Enterprise Security continuously updates its asset and identity inventories with Splunk Asset and Risk Intelligence data. Only a Splunk Asset and Risk Intelligence admin can activate the integration.
To learn more about what you can do with the Splunk Enterprise Security integration with Splunk Asset and Risk Intelligence, see Enrich Splunk Enterprise Security notable events with asset context in the Investigate Assets and Assess Risk in Splunk Asset and Risk Intelligence manual.
Activate the Splunk Enterprise Security integration
To activate the integration with Splunk Enterprise Security, complete the following steps:
- In Splunk Asset and Risk Intelligence, select Admin then Integrations and then Enterprise Security configuration.
- Select Enable Integration.
- Select Enable.
- After all of the integration items display "Success", select Close.
Deactivate the Splunk Enterprise Security integration
To deactivate the integration with Splunk Enterprise Security, complete the following steps:
- In Splunk Asset and Risk Intelligence, select Admin then Integrations and then Enterprise Security configuration.
- Select Remove Integration.
- Select Remove.
- After all of the integration removal items display "Success", select Close.
| Monitor, export, and share audit data in Splunk Asset and Risk Intelligence | Integrate ServiceNow data with Splunk Asset and Risk Intelligence data |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1
Download manual
Feedback submitted, thanks!