Collect and extract asset and identity data in Splunk Enterprise Security
Collect and extract your asset and identity data in order to add it to Splunk Enterprise Security. In a Splunk Cloud Platform deployment, work with Splunk Professional Services to design and implement an asset and identity collection solution.
- Determine where the asset and identity data in your environment is stored.
- Collect and update your asset and identity data automatically to reduce the overhead and maintenance that manual updating requires and improve data integrity.
- Use Splunk DB Connect or another Splunk platform add-on to connect to an external database or repository.
- Use scripted inputs to import and format the lists.
- Use events indexed in the Splunk platform with a search to collect, sort, and export the data to a list.
Suggested collection methods for assets and identities.
| Technology | Asset or Identity data | Collection methods |
|---|---|---|
| Active Directory | Both | AD LDAP and a custom search. |
| Both | Splunk Supporting Add-on for Active Directory | |
| Both | SecKit Windows Assets Technology Add-on for Splunk Enterprise Security * | |
| LDAP | Both | AD LDAP and a custom search. |
| CMDB | Asset | Splunk DB Connect for integrating with 3rd Party structured data sources, and a custom search. |
| ServiceNow | Both | Splunk Add-on for ServiceNow |
| Bit9 | Asset | Splunk Add-on for Bit9 and a custom search. |
| Cisco ISE | Both | Splunk Add-on for Cisco ISE and a custom search. |
| Microsoft SCOM | Asset | Splunk Add-on for Microsoft SCOM and a custom search. |
| Sophos | Asset | Splunk Add-on for Sophos and a custom search. |
| Symantec Endpoint Protection | Asset | Splunk Add-on for Symantec Endpoint Protection and a custom search. |
| Amazon Web Services (AWS) | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
| Azure | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
| Google Cloud Platform | Both | Create Cloud Asset Lookup and Create Cloud Identity Lookup |
| Configuration Management Database (CMDB) | Asset | SecKit SA Common tools for populating assets and identities in Enterprise Security and PCI apps * |
For more information on custom search commands, see Create custom search commands for apps in Splunk Cloud Platform or Splunk Enterprise
Next step
Format an asset or identity list as a lookup in Splunk Enterprise Security