This documentation does not apply to the most recent version of Splunk® Enterprise Security.
For documentation on the most recent version, go to the latest release.
Add asset and identity data to Splunk Enterprise Security
Splunk Enterprise Security uses an asset and identity system to correlate asset and identity information with events to enrich and provide context to your data. This system takes information from external data sources to populate lookups, which Enterprise Security correlates with events at search time.
Add asset and identity data to Splunk Enterprise Security to take advantage of asset and identity correlation.
See also
How Splunk Enterprise Security correlates, processes, and merges asset and identity data
Last modified on 04 September, 2019
| Configure adaptive response actions for a correlation search in Splunk Enterprise Security | Collect and extract asset and identity data in Splunk Enterprise Security |
This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2, 5.3.0, 5.3.1
Download manual
Feedback submitted, thanks!