Splunk® Add-on for Asset and Risk Intelligence

Install and Manage the Splunk Add-on for Asset and Risk Intelligence

Install the Splunk Add-on for Asset and Risk Intelligence

Use the Splunk Universal Forwarder to deploy the Splunk Add-on for Asset and Risk Intelligence. To install the add-on, complete the following steps:

  1. Make sure your indexers include the ari_ta index. If the ari_ta index doesn't exist, create one. See Create indexes for Splunk Asset and Risk Intelligence in the Install and Upgrade Splunk Asset and Risk Intelligence manual.
  2. Deploy the appropriate apps for the Splunk Add-on for Asset and Risk Intelligence to your indexers without any local configurations. Deployment apps are available for Mac, Windows, and Linux operating systems. Choose from the following links to download the appropriate app from Splunkbase:
  3. Deploy the appropriate apps for the Splunk Add-on for Asset and Risk Intelligence to your forwarders using a local inputs configuration. Deployment apps are available for Mac, Windows, and Linux operating systems.
    1. Place the apps in the deployment-apps folder on your deployment server.
    2. Create a local directory in each app and place a local inputs.conf file in each one. See Local inputs.conf files.
    3. For each type of operating system you deploy to, deploy the apps using an appropriate serverclass. For example, you might create a serverclass to deploy to all Windows forwarders, and then a serverclass to deploy to all Linux forwarders.
  4. (Optional) Validate the Splunk Add-on for Asset and Risk Intelligence deployment. Check for data by entering the following search:

    index=ari_ta

Local inputs.conf files

Use the following local inputs.conf files and place them in the local directory for each app.

Windows

    ##############################################################################
    ## Monitoring of Windows InstalledPrograms file
    [script://.\bin\ari_get_installed_programs.bat]
    disabled = false

    ##############################################################################
    ## Monitoring of Windows System Info file
    [script://.\bin\ari_get_system_info.bat]
    disabled = false

    ##############################################################################
    ## Monitoring of User details
    [script://.\bin\ari_get_user_details.bat]
    disabled = false

    ##############################################################################
    ## Monitoring of Bitlocker Info file
    [script://.\bin\ari_get_bitlocker_info.bat]
    disabled = false

    ##############################################################################
    ## Monitoring of Windows Network Info file
    [script://.\bin\ari_get_network_info.bat]
    disabled = false

Linux

    ##############################################################################
    ## Monitoring of Linux System Info
    [script://./bin/ari_linux_get_system_info.sh]
    disabled = false

    ##############################################################################
    ## Monitoring of Network Info
    [script://./bin/ari_linux_get_network_info.sh]
    disabled = false

    ##############################################################################
    ## Monitoring of User details
    [script://./bin/ari_linux_get_user_details.sh]
    disabled = false

Mac

    ##############################################################################
    ## Monitoring of Mac OSx InstalledPrograms
    [script://./bin/ari_osx_get_app_list.sh]
    disabled = false

    ##############################################################################
    ## Monitoring of Mac OSx System Info
    [script://./bin/ari_osx_get_system_info.sh]
    disabled = false

    ##############################################################################
    ## Monitoring of Network Info
    [script://./bin/ari_osx_get_network_info.sh]
    disabled = false

    ##############################################################################
    ## Monitoring of User details
    [script://./bin/ari_osx_get_user_details.sh]
    disabled = false
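
The following is an added example, not part of the Splunk documentation or the add-on. It is a shell check to run on the deployment server after placing the local inputs.conf files, confirming that every script stanza resolves to a file shipped inside its own app before forwarders start executing it. The app directory names are hypothetical placeholders and the sample files are constructed.

```shell
#!/bin/sh
# Lint a staged deployment app: every [script://PATH] stanza in its
# local/inputs.conf must resolve to a file shipped inside the app, because
# the forwarder executes whatever the stanza names.
check_app_inputs() {   # prints problems; returns 0 only when there are none
    app_dir=$1; conf="$app_dir/local/inputs.conf"; problems=0; seen=0
    [ -f "$conf" ] || { echo "$app_dir: no local/inputs.conf"; return 1; }
    # Strip CRs (Windows-edited files) and pull PATH out of each stanza header.
    stanzas=$(tr -d '\r' < "$conf" | sed -n 's|^\[script://\(.*\)]$|\1|p')
    while IFS= read -r raw; do
        [ -n "$raw" ] || continue
        seen=$((seen + 1))
        # Windows stanzas use .\bin\x.bat; normalise to bin/x.bat.
        rel=$(printf '%s' "$raw" | tr '\\' '/'); rel=${rel#./}
        case "$rel" in
            /*|*..*|[A-Za-z]:*)
                echo "$app_dir: stanza points outside the app: $raw"
                problems=$((problems + 1)); continue ;;
        esac
        [ -f "$app_dir/$rel" ] || {
            echo "$app_dir: script not found in app: $raw"
            problems=$((problems + 1)); }
    done <<EOF
$stanzas
EOF
    [ "$seen" -gt 0 ] || { echo "$app_dir: no script stanzas"; return 1; }
    [ "$problems" -eq 0 ]
}

# Constructed sample: two staged apps in a throwaway deployment-apps folder.
# App names are hypothetical placeholders; script names are from the page.
make_demo_apps() {
    root=$(mktemp -d)
    good="$root/deployment-apps/example_ari_linux_app"
    bad="$root/deployment-apps/example_ari_windows_app"
    mkdir -p "$good/bin" "$good/local" "$bad/bin" "$bad/local"
    : > "$good/bin/ari_linux_get_system_info.sh"
    printf '[script://./bin/ari_linux_get_system_info.sh]\ndisabled = false\n' \
        > "$good/local/inputs.conf"
    : > "$bad/bin/ari_get_system_info.bat"   # bitlocker script left out
    printf '[script://.\\bin\\%s.bat]\r\ndisabled = false\r\n' \
        ari_get_system_info ari_get_bitlocker_info > "$bad/local/inputs.conf"
    echo "$root/deployment-apps"
}

apps=$(make_demo_apps)
for app in "$apps"/*; do
    check_app_inputs "$app" && echo "$app: ok" || true
done
```

The check only understands the app-relative stanza paths used on this page; a stanza that names an absolute path or contains `..` is reported rather than followed.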

Uninstall the Splunk Add-on for Asset and Risk Intelligence

To uninstall the Splunk Add-on for Asset and Risk Intelligence, use forwarder management to remove the deployment apps from your deployment server. See Uninstall an app in the Splunk Enterprise Updating Splunk Enterprise Instances manual.

Next step

Add data sources for the add-on in Splunk Asset and Risk Intelligence. See Known data sources available for the Splunk Add-on for Asset and Risk Intelligence.

Last modified on 05 August, 2024

This documentation applies to the following versions of Splunk® Add-on for Asset and Risk Intelligence: 1.0.0

