Splunk Asset and Risk Intelligence is not compatible with Splunk Enterprise 9.1.2 due to known issues SPL-237796, SPL-248319 where search results in "results" have more rows than expected. Upgrade to Splunk Enterprise 9.1.3 to use Splunk Asset and Risk Intelligence.
What's new in Splunk Asset and Risk Intelligence
Splunk Asset and Risk Intelligence version 1.1.1 was released on March 6, 2025 and includes the following new enhancements:
| Feature | Description |
|---|---|
| Customizable home page | Customize your asset overview in the Home dashboard. You can opt to show risk scoring charts, select which asset types to see, and manage the display of metrics. See Customize the home page. |
| Improvements to discovery workflows | Create a filter for both discovery reports and risk scoring rules, see discovered assets, IP addresses, and MAC addresses all in one place, and find more details on software and vulnerabilities. See Review discovery reports on assets and identities. |
| New OT insights dashboard | Find visualizations with data on active OT devices, including details such as device class, vendor, subnets and overall activity. See Use insight dashboards to review reports on systems and accounts associated with discovered assets. |
| Improvements to investigation workflows | See more details on risk and detection activity while investigating an asset or identity. See Investigate assets and identities. |
| Improvements to the Splunk Enterprise Security integration | After an admin activates the integration, use Splunk Asset and Risk Intelligence workflow actions, risk factors, and asset and identity context in Splunk Enterprise Security version 7.x or 8.x. See Use Splunk Asset and Risk Intelligence data with Splunk Enterprise Security and Activate integration with Splunk Enterprise Security. |
| Improvements to risk dashboards and new asset and identity metric matrices | Find more details on risk and frameworks, organize dashboards by split-by fields, and review metric compliance by asset or identity. See Assess risk using metrics and Review framework dashboards and risk scoring insights. |
| Simplified process for adding data sources | See more information on known data sources, spread data processing for batched sources, choose to merge or overwrite data when adding custom sources, and reset priorities at the field level. See Add or modify a data source and Create and modify event searches. |
| Improvements to the ServiceNow integration | Add multiple ServiceNow instances to Splunk Asset and Risk Intelligence and push data to import set tables from different environments. See Integrate ServiceNow data with Splunk Asset and Risk Intelligence data. |
| Simplified process for adding metrics, exceptions, and risk scoring rules | Set metric exception expiry, split a metric by a particular field, add a metric for multiple data sources, and test metric logic while you edit. See Create and manage metrics, Create and manage risk scoring rules, and Add metric exceptions. |
| Simplified process for adding frameworks | Find more known frameworks and automatically map to your selected metrics. See Create and manage cybersecurity frameworks. |
| Improvements to operational health and audit dashboards | Find health statuses for processing searches, and audit data sources to find how much each source contributes to each inventory field. See Monitor, export, and share audit data. |
| Simplified process for installing and upgrading | Use the post-install configuration to initialize data, and easily manage capabilities for Splunk Asset and Risk Intelligence
admin and analyst roles. See Initialize data for Splunk Asset and Risk Intelligence, Set up roles and capabilities, and Upgrade Splunk Asset and Risk Intelligence. |
Last modified on 06 March, 2025
| Known issues for Splunk Asset and Risk Intelligence |
This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.1.1
Download manual
Feedback submitted, thanks!