What's new in Splunk Asset and Risk Intelligence
Version 1.2.1
Splunk Asset and Risk Intelligence version 1.2.1 is a maintenance release and was released on October 9, 2025. See Fixed issues for Splunk Asset and Risk Intelligence.
Version 1.2.0
Splunk Asset and Risk Intelligence version 1.2.0 was released on September 16, 2025 and includes the following new enhancements:
| Feature | Description |
|---|---|
| Cloud application discovery | The cloud application discovery captures all cloud applications, such as Gmail, Dropbox, or Outlook, that are associated with assets. See Cloud application field mapping. |
| Tracking vulnerabilities by CVE or signature | Some vulnerabilities have a signature but don't publish a CVE, so you can now choose how you want to track vulnerabilities. See Modify the default configurations. |
| Identity risk scoring | Create risk scoring rules based on filters or metrics to assign risk identities. See Create and manage risk scoring rules in Splunk Asset and Risk Intelligence. |
| Identity types | Splunk Asset and Risk Intelligence now includes a few default identity types. You can modify these identity types or add your own custom ones. See Add and manage identity types in Splunk Asset and Risk Intelligence. |
| Non-human identities | Identity types fall under two categories: Human or non-human. Human identities are tied to individual users. Non-human identities can span multiple systems, and they might be shared amongst several users. See Add and manage identity types in Splunk Asset and Risk Intelligence. |
| Ephemeral assets and identities | Ephemeral assets and identities are short-lived entities that appear briefly in your environment and might not persist beyond a set period of time. Turn on or turn off ephemeral asset or identity discovery. See Modify the default configurations. |
| Responses and response actions |
Take action on findings related to assets, identities, or operational health. Create automated or manual responses to discoveries such as compliance issues or identified risk. See Responding to assets and identities in Splunk Asset and Risk Intelligence. |
| Entity zone enhancements | Configure entity zones in the configuration settings. See Modify the default configurations. You can also split an asset metric by entity zone. See Split a metric by fields. |
| Internal enrichment data enhancements | Find the new MAC vendor data listing. See Review internal enrichment data in Splunk Asset and Risk Intelligence. |
| Manual asset record deletion | Manually delete specific records from one or more inventories. See Manually delete records. |
| Inventory retention enhancements | Modify the association record aging to remove any association combinations that have not been discovered for a defined period of time. See Manage asset inventory retention in Splunk Asset and Risk Intelligence. |
| Enrichment rule enhancements | Find new known enrichment rules with recognizable names. See Manage enrichment rules in Splunk Asset and Risk Intelligence. |
| New risk-based alerting (RBA) identity risk factors for Splunk Enterprise Security | Use new identity risk factors for Splunk Enterprise Security. See Use Splunk Asset and Risk Intelligence risk factors in Splunk Enterprise Security. |
| Transparent-mode federated search | Turn on Splunk Asset and Risk Intelligence compatibility with federated search provider transparent mode. See Modify the default configurations. |
| FIPS mode compatibility | Splunk Asset and Risk Intelligence is now compatible with the Splunk platform running on FIPS mode. No additional configuration required. |
| Attack surface explorer enhancements | Explore or investigate associated activity in a new way. Attack surface explorer gives you a complete view of an asset or identity and its related activity over time. See Visualize associated activity using attack surface explorer. |