Review internal enrichment data in Splunk Asset and Risk Intelligence
Splunk Asset and Risk Intelligence uses data from a number of databases to enrich the assets that you discover and investigate. To review your internal enrichment data, select Admin and then Data enrichment in Splunk Asset and Risk Intelligence. Then, select the type of data listing you want to view. For example, a Geolocation listing.
You can review the following types of internal enrichment data listings:
Data listing | Description |
---|---|
Geolocation | The geolocation database contains all of the major cities and countries in the world. You can use the longitude and latitude coordinates from the geolocation database on map visualizations throughout Splunk Asset and Risk Intelligence. |
MAC vendor | Splunk Asset and Risk Intelligence contains a list of known MAC address vendors taken from the Wireshark Manufacturer Database. You can review and search for MAC addresses on the MAC vendor listing page. |
Default accounts | Default accounts are user accounts automatically bundled with software applications. You can identify the number of users considered to be default users by navigating to Discovery and then Default account insights. You can review the users that Splunk Asset and Risk Intelligence assigns as default on the Default accounts listing page. |
User agent | Splunk Asset and Risk Intelligence contains a lookup of known user agents that can help to enrich or populate certain asset fields. You can review the known user agents on the User agent listing page. |
Notes | Splunk Asset and Risk Intelligence users can add notes to assets and identities while investigating them. You can view all of the notes added to assets and identities on the Notes listing page. |
Custom data | You can add custom fields to Splunk Asset and Risk Intelligence inventories, and you can review all of the added custom fields on the Custom data listing page. |
You can also add a custom location in the geolocation listing, a custom account in the default accounts listing, and a legacy operating system to the Operating system insights page using the Splunk App for Lookup File Editing. See Edit a lookup file in the Splunk App for Lookup File Editing in the Splunk App for Lookup File Editing User Guide. Make sure to add the city, state, region, latitude, and longitude using the 2-digit naming convention for countries and regions.
Manage enrichment rules in Splunk Asset and Risk Intelligence | Set up data sources for Splunk Asset and Risk Intelligence |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1, 1.0.2
Feedback submitted, thanks!