Splunk® Asset and Risk Intelligence

Investigate Assets and Assess Risk in Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence is not compatible with Splunk Enterprise 9.1.2 due to known issues SPL-237796, SPL-248319 where search results in "results" have more rows than expected. Upgrade to Splunk Enterprise 9.1.3 to use Splunk Asset and Risk Intelligence.

Review framework dashboards and risk scoring insights in Splunk Asset and Risk Intelligence

Understand your compliance against cybersecurity frameworks by reviewing framework dashboards, or assess the risk of assets in your network using the Risk scoring insights dashboard.

Review cybersecurity framework dashboards

Cybersecurity frameworks provide standardized guidelines for addressing risk. You can map both known and custom cybersecurity framework controls to your metrics to report on compliance against these controls. Each active framework in Splunk Asset and Risk Intelligence has an associated dashboard that you can filter based on category, control, or metric. The dashboard includes all of the metrics mapped to the controls for that particular cybersecurity framework.

To review the metrics mapped to a framework, select Risk and then Frameworks in the main menu navigation bar. To add or activate a framework, see Create and manage cybersecurity frameworks in Splunk Asset and Risk Intelligence in the Administer Splunk Asset and Risk Intelligence manual.

Review risk scoring insights

To see risk scoring insights for all assets, select Risk then Scoring and then Risk scoring insights.

You can use the risk scoring insights dashboard to monitor risk by reviewing data such as risk score trends, high-risk assets, and asset counts for each risk rule. You can also filter the dashboard by risk level, such as "Critical", by risk rule, or by risk score.

If you want to further investigate an asset from the Risk scoring insights dashboard, you can select the asset in the Asset detail by risk scoring rules table. On the asset investigation page, you can view the risk score activity with the risk rules affecting the asset over the selected time frame and the associated risk scores for each rule. See Investigate assets in Splunk Asset and Risk Intelligence.

See also

To customize risk levels and adjust the risk rule schedule, see Modify risk settings in the Administer Splunk Asset and Risk Intelligence manual.

To save a filtered view for your framework dashboard, see Filter your asset reports.

To add a risk rule or risk filter, see Create and manage risk rules in Splunk Asset and Risk Intelligence in the Administer Splunk Asset and Risk Intelligence manual.

Last modified on 06 August, 2024
Assess risk using metrics in Splunk Asset and Risk Intelligence   Splunk Asset and Risk Intelligence scenario library

This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters