Splunk® Asset and Risk Intelligence

Release Notes

Splunk Asset and Risk Intelligence is not compatible with Splunk Enterprise 9.1.2 due to known issues SPL-237796, SPL-248319 where search results in "results" have more rows than expected. Upgrade to Splunk Enterprise 9.1.3 to use Splunk Asset and Risk Intelligence.

What's new in Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence is a security application that can help you discover assets on your network and shorten your investigations. Using asset and intelligence data from Splunk Asset and Risk Intelligence, you can assess the level of compliance with your security controls, investigate asset relationships, and enrich Splunk Enterprise Security notable events with asset context.

November 14, 2024 (version 1.0.1)

The following table lists the enhancements included in the 1.0.1 release of Splunk Asset and Risk Intelligence:

Enhancement Description
Improved upgrade process with the Install and upgrade helper Select Check upgrade for the new Internal data migration step to verify lookup configurations. It might take several minutes to complete processing. See Upgrade Splunk Asset and Risk Intelligence for more details on how to upgrade.

The 1.0.1 release of Splunk Asset and Risk Intelligence also includes maintenance improvements. See Fixed issues.

August 8, 2024 (version 1.0.0)

The following functionality is included in the 1.0 release of Splunk Asset and Risk Intelligence:

Feature Description
Discover and investigate assets Review reports on discovered assets, investigate assets, and visualize relationships between assets. See Investigate assets in Splunk Asset and Risk Intelligence.
Monitor asset activity Inspect asset history, attribute assets to other assets or events, and review anomaly reports on associated assets. See Monitor asset activity in Splunk Asset and Risk Intelligence.
Assess risk with compliance metrics Use the metric posture and metric matrix to review asset compliance, review compliance metric dashboards, and add and manage metric exceptions. See Assess risk with compliance metrics in Splunk Asset and Risk Intelligence.
Add cybersecurity framework dashboards Add cybersecurity frameworks to Splunk Asset and Risk Intelligence and provision metrics that map to the framework controls. Then, use the framework dashboards to identify security control gaps and track the remediation process. See Create and manage cybersecurity frameworks in Splunk Asset and Risk Intelligence.
Manage enrichment data Create enrichment rules and review your internal enrichment data. See Manage enrichment rules in Splunk Asset and Risk Intelligence and Review internal enrichment data in Splunk Asset and Risk Intelligence.
Add data sources Splunk Asset and Risk Intelligence includes known, compatible data sources that can pull data from specific events. You can select from these data sources, or add your own custom data sources. See Set up data sources for Splunk Asset and Risk Intelligence.
Add custom fields and data filters Add a custom field by populating the custom data inventory with the field values for each asset. Customize what Splunk Asset and Risk Intelligence discovers by blocking or allowing particular software products and vulnerabilities. See Add a custom asset field in Splunk Asset and Risk Intelligence and Manage data filters in Splunk Asset and Risk Intelligence.
Manage metrics Splunk Asset and Risk Intelligence includes a number of common security metrics called known metrics that you can add. You can also create your own custom metrics and add metric exceptions. See Create and manage metrics in Splunk Asset and Risk Intelligence.
Create risk scoring rules Create risk scoring rules based on filters or metrics to assign risk to assets. By assigning risk, you can monitor and investigate assets based on their risk level and total risk score. See Create and manage risk scoring rules in Splunk Asset and Risk Intelligence.
Audit configurations and operational logs Monitor, export, and share audit data in Splunk Asset and Risk Intelligence from several available audit reports. See Monitor, export, and share audit data in Splunk Asset and Risk Intelligence.
Integrate with Splunk Enterprise Security Continuously update asset and identity inventories, enrich Splunk Enterprise Security notable events with asset context, and review asset and identity investigation workflows from Splunk Enterprise Security by activating an integration. See Activate integration with Splunk Enterprise Security in Splunk Asset and Risk Intelligence.
Last modified on 14 November, 2024
  Known issues for Splunk Asset and Risk Intelligence

This documentation applies to the following versions of Splunk® Asset and Risk Intelligence: 1.0.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters