Review reports on discovered assets in Splunk Asset and Risk Intelligence
In Splunk Asset and Risk Intelligence, you can review summary reports on discovered network assets, user identities, software, and more. Discovery reports include data such as geographic locations and trends over time.
Access your discovery reports
To find your discovery reports in Splunk Asset and Risk Intelligence, complete the following steps:
- Select Discovery in the main menu navigation bar.
- Select the type of discovery report you want to view, such as User identity discovery or IP address discovery.
- (Optional) To see a discovery report of assets with no assigned asset type, filter the Network asset discovery report by uncategorized assets:
  - Select Discovery and then Network asset discovery.
  - Create a filter for the asset_type field with a value of uncategorized. See Filter your discovery reports.
Filter your discovery reports
You can filter discovery reports by particular fields or by a Search Processing Language (SPL) search. Then, you can save that filter and return to the same view at a later time. To create a report filter, complete the following steps:
- In Splunk Asset and Risk Intelligence, select Discovery from the main menu navigation bar, and then select the discovery report you want to view. For example, IP address discovery.
- Select Show filters.
- Enter a name for your filter.
- Using the drop-down list, select the time frame you want to search within.
- (Optional) Select the Make public check box if you want to make the filter available to other users. If you don't select this option, the filter remains private for only you to use.
- If you want to filter by fields, select Field filtering and then configure your filter using the drop-down lists. Select the add icon to add an additional field.
- If you want to filter by a search, select SPL search and then enter the SPL into the Search box.
You can filter by fields or by SPL search, but not by both. If you enter a search to filter by, then switching to field filtering clears any SPL data you've input.
- Select Search to see the results.
- Select Save as new filter.
- (Optional) To erase your configured filter, select Reset filter.
After you save a filter, you can return to that filtered view by selecting it from the report drop-down list.
Add or remove fields in the asset listing table
In the asset listing table of each discovery report, you can add or remove fields that appear in the table. To add or remove fields, complete the following steps:
- In Splunk Asset and Risk Intelligence, select Discovery from the main menu navigation bar, and then select the discovery report you want to view. For example, IP address discovery.
- In the asset listing table, select the settings icon.
- To add a field, use the drop-down list to select a new field. You can add more by selecting the add icon.
- To remove a field, select the remove icon next to the field name in the Selected fields box.
- (Optional) To erase any changes you made, select Reset fields.
- Select Update.
Export a report
To export a report from Splunk Asset and Risk Intelligence, complete the following steps:
- Select Discovery from the main menu navigation bar, and then select the discovery report you want to view. For example, IP address discovery.
- In the asset listing table, select the download icon.
- Enter a name for the file.
- Select an Output format, such as JSON.
- Select Download.
Use insight dashboards to review reports on systems and accounts associated with discovered assets
You can use Splunk Asset and Risk Intelligence insight dashboards to review data on other discoveries, such as operating systems, IoT devices, and default accounts. To find insight dashboards, select Discovery in the main menu navigation bar. Then, select the insight dashboard you want to view. To learn more about what each dashboard reports on, see the following table:
Dashboard | Description |
---|---|
Operating system insights | Displays visualizations with data on operating systems, including operating systems that are out-of-date or no longer supported, detected with assets discovered by Splunk Asset and Risk Intelligence. The dashboard reports on different aspects of operating systems, such as asset type and operating system version. |
Cloud asset insights | Displays visualizations with data on active cloud-provisioned assets discovered by Splunk Asset and Risk Intelligence. |
IoT asset insights | Displays visualizations with data on active IoT devices discovered by Splunk Asset and Risk Intelligence. The dashboard reports on different aspects of IoT devices, such as device class, vendor, subnets, and overall activity. |
Default account insights | Displays visualizations with data on default accounts discovered by Splunk Asset and Risk Intelligence. The dashboard reports on various counts and metrics about activity by detected default accounts. You can select a row in the asset listing table to open the investigation for that particular user ID. |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2