Splunk Asset and Risk Intelligence is not compatible with Splunk Enterprise 9.1.2 due to known issues SPL-237796, SPL-248319 where search results in "results" have more rows than expected. Upgrade to Splunk Enterprise 9.1.3 to use Splunk Asset and Risk Intelligence.
Splunk Asset and Risk Intelligence onboarding guide for admins
As an admin user with the ari_admin role, you can begin setting up Splunk Asset and Risk Intelligence for users after you finish installing the application. The following table provides an overview of each task and its associated documentation link:
| Step number | Setup task | Description | Documentation |
|---|---|---|---|
| 1 | Set up directories | Splunk Asset and Risk Intelligence includes 2 internal data sources for enrichment: a company subnet directory and a company user directory. Populate these directories to help locate assets on internal networks and provide context on user IDs. | Set up directories for Splunk Asset and Risk Intelligence |
| 2 | Set up data sources | Splunk Asset and Risk Intelligence includes known, compatible data sources that can pull data from specific events. You can select from these data sources, or add your own custom data sources. | Set up data sources for Splunk Asset and Risk Intelligence |
| 3 | Add custom fields | Add custom fields by populating the custom data inventory with the field values for each asset. | Add a custom field in Splunk Asset and Risk Intelligence |
| 4 | Turn on or turn off discovery searches | Turn on Splunk Asset and Risk Intelligence discovery searches to start discovering assets. | Turn on or turn off discovery searches in Splunk Asset and Risk Intelligence |
| 5 | Add metrics | Select which metrics to report on based on the data sources you selected. You can add known metrics included with Splunk Asset and Risk Intelligence, or you can create custom metrics. | Create and manage metrics in Splunk Asset and Risk Intelligence |
| 6 | Add asset enrichment rules | Use Splunk Asset and Risk Intelligence default enrichment rules to improve asset information such as missing field values. You can also create custom enrichment rules. | Manage enrichment rules in Splunk Asset and Risk Intelligence |
| 7 | Activate integration with Splunk Enterprise Security | Activate integration with Splunk Enterprise Security to enrich notable events with Splunk Asset and Risk Intelligence asset context. | Activate integration with Splunk Enterprise Security in Splunk Asset and Risk Intelligence |
See also
Get started with Splunk Asset and Risk Intelligence Echo in the Install and Manage Splunk Asset and Risk Intelligence Echo manual
Get started with the Splunk Add-on for Asset and Risk Intelligence in the Install and Manage Splunk Add-on for Asset and Risk Intelligence manual
Last modified on 05 August, 2024
| Set up directories for Splunk Asset and Risk Intelligence |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.0, 1.0.1
Download manual
Feedback submitted, thanks!