Splunk Enterprise Security - Asset Lookup Fields - superseded

Versioning - This is an older version.

1 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 7:25:35 AM
2 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 7:39:23 AM
3 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 7:44:06 AM
4 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 8:04:01 AM
5 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 8:08:06 AM
6 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 9:47:51 AM
7 - Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 9:56:52 AM
8 - Splunk Enterprise Security - Asset Lookup Fields - 4/19/2018 5:58:43 AM
9 - Splunk Enterprise Security - Asset Lookup Fields - 4/20/2018 8:09:38 AM
10 - Splunk Enterprise Security - Asset Lookup Fields - 5/7/2018 1:15:54 PM
11 - Splunk Enterprise Security - Asset Lookup Fields - 5/7/2018 1:22:25 PM

Description

Used to generate the asset fields for the assets lookup for Splunk Enterprise Security. Please refer to the Splunk Enterprise Security documentation on formatting evaluations for additional information for your environment.

Property Details

ID: 2998583
Status: Beta - Preliminary testing ready for more
Title: Splunk Enterprise Security - Asset Lookup Fields
Domain: BESC
Keywords: splunk enterprise security assets csv
Added by on 4/11/2018 7:39:23 AM
Last Modified by on 4/11/2018 7:39:23 AM
Counters 879 Views / 0 Downloads

Properties

ip
Period 1 day
 
if ( exists true whose (if true then ( exists ip interfaces of network) else false) ) then concatenation "|" of (addresses whose (it as string != "0.0.0.0") of ip interfaces whose (not loopback of it) of network as string) else nothing
mac
Period 1 day
 
if windows of operating system then concatenation "|" of (mac addresses of adapters of network) else if not windows of operating system then concatenation "|" of ((mac address of it as string) of ip interfaces whose (not loopback of it AND exists mac address of it) of network) else ""
nt_host
Period 1 day
 
computer name
dns
Period 1 day
 
if ( exists true whose (if true then exists dns name else false) ) then dns name else ""
owner
Period 1 day
 
"" as string
priority
Period 1 day
 
"" as string
lat
Period 1 day
 
"" as string
long
Period 1 day
 
"" as string
city
Period 1 day
 
"" as string
country
Period 1 hour
 
"" as string
bunit
Period 1 day
 
"" as string
category
Period 1 day
 
"" as string
pci_domain
Period 1 day
 
"Trust" as string
is_expected
Period 1 day
 
"" as string
should_timesync
Period 1 day
 
"" as string
should_update
Period 1 day
 
"" as string
requires_av
Period 1 day
 
"" as string

Relevance

Used in 86 fixlets and 88 analyses
true
