Splunk® Add-on for Asset and Risk Intelligence

Install and Manage the Splunk Add-on for Asset and Risk Intelligence

Data collected by the Splunk Add-on for Asset and Risk Intelligence

The Splunk Add-on for Asset and Risk Intelligence collects asset-relevant information using scripted inputs. The inputs run at different frequencies. For example, the add-on collects network data more frequently than system data because system data changes less frequently.

The following table describes the types of data collected by the Splunk Add-on for Asset and Risk Intelligence:

| Type | Description | Data source fields | Sourcetype |
|------|-------------|--------------------|------------|
| System | Includes system information from assets. The fields collected depend on the operating system. | nt_host, os, os_version, os_build, os_vendor, os_configuration, os_build_type, os_install_date, windows_directory, system_directory, system_boot_time, boot_device, registered_user, virtual_mem, processor, cpu_cores, cpu_mhz, domain, mem, system_type, available_memory, available_virtual_memory, serial, vendor, bios_version, product, model_identifier, chip, system_firmware_version, os_loader_version, hardware_uuid, provisioning_udid, kernel_version, boot_volume, boot_mode, secure_virtual_memory, system_integrity_protection, time_since_boot | ari_ta:asset |
| Network | Includes network information from assets, including IP addresses and MAC addresses. | mac, ip, ip_translated | ari_ta:asset |
| User | Includes information about the last user associated with the asset. | user_id, account_active, last_logon, session | ari_ta:asset |
| Encryption | Includes encryption data from Windows (BitLocker) and Mac (FileVault). | bitLocker_version, encryption_method, volume_label, volume_letter, volume_type, drive_type, size, protection_status, conversion_status, fde_encrypted=1 fde_version, activation_lock_status | ari_ta:asset |
| Software | Includes the software vendor, product, and version. Not currently available for Linux. | install_date, install_location, ari_software_product, ari_software_vendor, ari_software_version | ari_ta:software |

Last modified on 05 August, 2024

This documentation applies to the following versions of Splunk® Add-on for Asset and Risk Intelligence: 1.0.0

