Collect and extract asset and identity data in Splunk Enterprise Security
Collect and extract your asset and identity data in order to add it to Splunk Enterprise Security. In a Splunk Cloud Platform deployment, work with Splunk Professional Services to design and implement an asset and identity collection solution.
- Determine where the asset and identity data in your environment is stored.
- Collect and update your asset and identity data automatically to reduce the overhead and maintenance that manual updating requires and improve data integrity.
- Use Splunk DB Connect or another Splunk platform add-on to connect to an external database or repository.
- Use scripted inputs to import and format the lists.
- Use events indexed in the Splunk platform with a search to collect, sort, and export the data to a list.
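As an added example that is not part of Splunk's documentation, the following Python script shows the scripted-input approach: it reads a constructed CMDB export (the JSON shape is hypothetical, not a real product format), merges duplicate host records, drops malformed addresses, and emits a CSV laid out in the standard Enterprise Security asset lookup columns so the list is ready to be used as a lookup.

```python
import csv
import io
import ipaddress
import json
# Standard column layout of an Enterprise Security asset lookup.
ASSET_FIELDS = ["ip", "mac", "nt_host", "dns", "owner", "priority", "lat", "long",
                "city", "country", "bunit", "category", "pci_domain",
                "is_expected", "should_timesync", "should_update", "requires_av"]
# Constructed sample CMDB export; the JSON shape is hypothetical, not a real product format.
SAMPLE_CMDB_EXPORT = json.dumps([
    {"hostname": "web01", "fqdn": "web01.example.com", "ips": ["10.1.1.10", "10.1.1.11"],
     "owner": "webteam", "criticality": "high", "tier": "dmz"},
    {"hostname": "WEB01", "fqdn": "web01.example.com", "ips": ["10.1.1.10"],
     "owner": "webteam", "criticality": "high", "tier": "dmz"},
    {"hostname": "db01", "fqdn": "db01.example.com", "ips": ["10.2.2.20", "not-an-ip"],
     "owner": "dba", "criticality": "critical", "tier": "internal"},
])

def valid_ips(candidates):
    # Keep only syntactically valid addresses; junk in 'ip' breaks asset correlation.
    good = []
    for c in candidates:
        try:
            good.append(str(ipaddress.ip_address(c)))
        except ValueError:
            pass
    return good

def build_asset_rows(export_json):
    # Merge duplicate hosts (case-insensitive) and map them onto the ES asset columns.
    merged = {}
    for rec in json.loads(export_json):
        key = rec["hostname"].lower()
        row = merged.setdefault(key, {f: "" for f in ASSET_FIELDS})
        ips = set(row["ip"].split("|")) - {""}
        ips.update(valid_ips(rec.get("ips", [])))
        row["ip"] = "|".join(sorted(ips))  # ES separates multiple values with '|'
        row["nt_host"], row["dns"] = key, rec.get("fqdn", "").lower()
        row["owner"], row["category"] = rec.get("owner", ""), rec.get("tier", "")
        crit = rec.get("criticality", "")
        row["priority"] = crit if crit in ("low", "medium", "high", "critical") else "unknown"
        row["is_expected"] = row["should_update"] = "true"
    return [merged[k] for k in sorted(merged)]

def to_csv(rows):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=ASSET_FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()
```

A scripted input would print `to_csv(build_asset_rows(...))` to stdout on a schedule; the header row gives the lookup the field names that the next step, formatting the list as a lookup, expects.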
Suggested collection methods for assets and identities.
Technology | Asset or Identity data | Collection methods |
---|---|---|
Active Directory | Both | AD LDAP and a custom search. |
Active Directory | Both | Splunk Supporting Add-on for Active Directory |
Active Directory | Both | SecKit Windows Assets Technology Add-on for Splunk Enterprise Security * |
LDAP | Both | AD LDAP and a custom search. |
CMDB | Asset | Splunk DB Connect for integrating with 3rd Party structured data sources, and a custom search. |
ServiceNow | Both | Splunk Add-on for ServiceNow |
Bit9 | Asset | Splunk Add-on for Bit9 and a custom search. |
Cisco ISE | Both | Splunk Add-on for Cisco ISE and a custom search. |
Microsoft SCOM | Asset | Splunk Add-on for Microsoft SCOM and a custom search. |
Sophos | Asset | Splunk Add-on for Sophos and a custom search. |
Symantec Endpoint Protection | Asset | Splunk Add-on for Symantec Endpoint Protection and a custom search. |
Amazon Web Services (AWS) | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
Azure | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
Google Cloud Platform | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
Configuration Management Database (CMDB) | Asset | SecKit SA Common tools for populating assets and identities in Enterprise Security and PCI apps * |
For more information on custom search commands, see Create custom search commands for apps in Splunk Cloud Platform or Splunk Enterprise.
Next step
Format an asset or identity list as a lookup in Splunk Enterprise Security
This documentation applies to the following versions of Splunk® Enterprise Security: 7.0.1, 7.0.2, 7.1.0, 7.1.1, 7.1.2, 7.2.0, 7.3.0, 7.3.1