Splunk® Enterprise Security

Administer Splunk Enterprise Security

The documentation for Splunk Enterprise Security versions 8.0 and higher has been rearchitected from previous versions, causing some links to have redirect errors. For documentation on version 8.0, see Splunk Enterprise Security documentation homepage.
This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Collect and extract asset and identity data in Splunk Enterprise Security

Collect and extract your asset and identity data in order to add it to Splunk Enterprise Security. In a Splunk Cloud Platform deployment, work with Splunk Professional Services to design and implement an asset and identity collection solution.

  1. Determine where the asset and identity data in your environment is stored.
  2. Collect and update your asset and identity data automatically to reduce the overhead and maintenance that manual updating requires and improve data integrity.
     • Use Splunk DB Connect or another Splunk platform add-on to connect to an external database or repository.
     • Use scripted inputs to import and format the lists.
     • Use events indexed in the Splunk platform with a search to collect, sort, and export the data to a list.
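One way to implement the scripted-input option above, as an added example rather than Splunk's own code: it normalizes a constructed export from a hypothetical CMDB into asset lookup rows, blanking unparseable IP and MAC values and dropping duplicate records. The export column names, the asset lookup header, and the priority values are assumptions to confirm against the lookup format topic for your ES version.

```python
import csv, io, ipaddress, re, sys

# Asset lookup header and priority values are assumed; confirm them for your ES version.
ASSET_FIELDS = ("ip mac nt_host dns owner priority lat long city country bunit category "
                "pci_domain is_expected should_timesync should_update requires_av").split()
PRIORITIES = {"unknown", "low", "medium", "high", "critical"}

# Constructed sample export from a hypothetical CMDB; column names are assumptions.
SAMPLE_EXPORT = """hostname,ip_address,mac_address,fqdn,owner,criticality,business_unit
WEB01,10.0.1.15,00-1A-2B-3C-4D-5E,web01.example.com,alice,High,ecommerce
web01,10.0.1.15,001a.2b3c.4d5e,web01.example.com,alice,High,ecommerce
DB01,10.0.2.999,00:1A:2B:3C:4D:5F,db01.example.com,bob,Critical,finance
HR-LT7,,AA:BB:CC:DD:EE:01,,carol,urgent,hr
"""

def normalize_mac(raw):
    """Return a lowercase colon-separated MAC, or '' unless it has 12 hex digits."""
    digits = re.sub(r"[^0-9a-f]", "", (raw or "").lower())
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)) if len(digits) == 12 else ""

def valid_ip(raw):
    """Return the canonical IP string, or '' if the value does not parse."""
    try:
        return str(ipaddress.ip_address((raw or "").strip()))
    except ValueError:
        return ""

def build_asset_rows(export_text):
    """Map export records to asset rows, skipping duplicates and blanking bad IP/MAC."""
    rows, seen = [], set()
    for rec in csv.DictReader(io.StringIO(export_text)):
        key = (valid_ip(rec["ip_address"]), normalize_mac(rec["mac_address"]),
               rec["hostname"].strip().lower(), rec["fqdn"].strip().lower())
        if not any(key) or key in seen:
            continue  # no usable key field, or the same asset was already emitted
        seen.add(key)
        prio = rec["criticality"].strip().lower()
        row = dict.fromkeys(ASSET_FIELDS, "")
        row.update(zip(("ip", "mac", "nt_host", "dns"), key))
        row.update(owner=rec["owner"].strip(), bunit=rec["business_unit"].strip(),
                   priority=prio if prio in PRIORITIES else "unknown")
        rows.append(row)
    return rows

if __name__ == "__main__":
    out = csv.DictWriter(sys.stdout, fieldnames=ASSET_FIELDS, lineterminator="\n")
    out.writeheader()
    out.writerows(build_asset_rows(SAMPLE_EXPORT))
```

Run on the sample, the duplicate WEB01 record collapses into one row, the unparseable address on DB01 is blanked rather than written into the list, and the unrecognized criticality on HR-LT7 falls back to unknown.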

Suggested collection methods for assets and identities.

| Technology | Asset or Identity data | Collection methods |
| --- | --- | --- |
| Active Directory | Both | AD LDAP and a custom search. |
| Active Directory | Both | Splunk Supporting Add-on for Active Directory |
| Active Directory | Both | SecKit Windows Assets Technology Add-on for Splunk Enterprise Security * |
| LDAP | Both | AD LDAP and a custom search. |
| CMDB | Asset | Splunk DB Connect for integrating with 3rd Party structured data sources, and a custom search. |
| ServiceNow | Both | Splunk Add-on for ServiceNow |
| Bit9 | Asset | Splunk Add-on for Bit9 and a custom search. |
| Cisco ISE | Both | Splunk Add-on for Cisco ISE and a custom search. |
| Microsoft SCOM | Asset | Splunk Add-on for Microsoft SCOM and a custom search. |
| Sophos | Asset | Splunk Add-on for Sophos and a custom search. |
| Symantec Endpoint Protection | Asset | Splunk Add-on for Symantec Endpoint Protection and a custom search. |
| Amazon Web Services (AWS) | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
| Azure | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
| Google Cloud Platform | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
| Splunk Asset and Risk Intelligence | Asset | Splunk ARI |

For more information on custom search commands, see Create custom search commands for apps in Splunk Cloud Platform or Splunk Enterprise.

Next step


Format an asset or identity list as a lookup in Splunk Enterprise Security

Last modified on 25 July, 2024

This documentation applies to the following versions of Splunk® Enterprise Security: 7.3.2

