Splunk® Enterprise Security

Administer Splunk Enterprise Security

Download manual as PDF

Download topic as PDF

Add asset and identity data to Splunk Enterprise Security

Splunk Enterprise Security uses an asset and identity system to correlate asset and identity information with events to enrich and provide context to your data. This system takes information from external data sources to populate lookups, which Enterprise Security correlates with events at search time.

Add asset and identity data to Splunk Enterprise Security to take advantage of asset and identity correlation.

  1. Collect and extract asset and identity data in Splunk Enterprise Security.
  2. (Optional) Define identity formats on the identity configuration page in Splunk Enterprise Security.
  3. Format the asset or identity list as a lookup in Splunk Enterprise Security.
  4. Configure a new asset or identity list in Splunk Enterprise Security.
  5. Verify that your asset or identity data was added to Splunk Enterprise Security.
  6. Configure asset and identity correlation in Splunk Enterprise Security.

See also

How Splunk Enterprise Security correlates, processes, and merges asset and identity data

Lookups that store merged asset and identity data

PREVIOUS
Configure adaptive response actions for a correlation search in Splunk Enterprise Security
  NEXT
Collect and extract asset and identity data in Splunk Enterprise Security

This documentation applies to the following versions of Splunk® Enterprise Security: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 5.0.0, 5.0.1, 5.1.0, 5.1.1, 5.2.0, 5.2.1, 5.2.2


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters