Splunk Enterprise Security - Asset Lookup Fields - superseded

Versioning - This is an older version.

Version 1: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 7:25:35 AM
Version 2: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 7:39:23 AM
Version 3: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 7:44:06 AM
Version 4: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 8:04:01 AM
Version 5: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 8:08:06 AM
Version 6: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 9:47:51 AM
Version 7: Splunk Enterprise Security - Asset Lookup Fields - 4/11/2018 9:56:52 AM
Version 8: Splunk Enterprise Security - Asset Lookup Fields - 4/19/2018 5:58:43 AM
Version 9: Splunk Enterprise Security - Asset Lookup Fields - 4/20/2018 8:09:38 AM
Version 10: Splunk Enterprise Security - Asset Lookup Fields - 5/7/2018 1:15:54 PM
Version 11: Splunk Enterprise Security - Asset Lookup Fields - 5/7/2018 1:22:25 PM

Description

Used to generate the asset fields for the assets lookup for Splunk Enterprise Security. Please reference the Splunk Enterprise Security documentation on formatting evaluations for additional information for your environment.

Property Details

ID: 2998588
Status: Beta - Preliminary testing ready for more
Title: Splunk Enterprise Security - Asset Lookup Fields
Domain: BESC
Keywords: splunk enterprise security assets csv
Added by on 4/11/2018 9:56:52 AM
Last Modified by on 4/11/2018 9:56:52 AM
Counters: 1005 Views / 0 Downloads

Properties

Property: ip
Period: 1 day
Relevance:
  registration address of client

Property: mac
Period: 1 day
Relevance:
  if windows of operating system then
    concatenation "|" of (mac addresses of adapters of network)
  else if not windows of operating system then
    concatenation "|" of ((mac address of it as string) of ip interfaces whose (not loopback of it AND exists mac address of it) of network)
  else ""

Property: nt_host
Period: 1 day
Relevance:
  if windows of operating system then
    if exists folder "C:\Program Files\SplunkUniversalForwarder" then
      if exists file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" then
        if NOT (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase) then
          substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase
        else computer name
      else computer name
    else computer name
  else
    if exists folder "/opt/splunkforwarder" then
      if exists file "/opt/splunkforwarder/etc/system/local/inputs.conf" then
        if NOT (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase) then
          substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase
        else computer name
      else computer name
    else computer name

Property: dns
Period: 1 day
Relevance:
  if ( exists true whose (if true then exists dns name else false) ) then dns name else ""

Property: owner
Period: 1 day
Relevance:
  "" as string

Property: priority
Period: 1 day
Relevance:
  "" as string

Property: lat
Period: 1 day
Relevance:
  "" as string

Property: long
Period: 1 day
Relevance:
  "" as string

Property: city
Period: 1 day
Relevance:
  "" as string

Property: country
Period: 1 hour
Relevance:
  "" as string

Property: bunit
Period: 1 day
Relevance:
  "" as string

Property: category
Period: 1 day
Relevance:
  "" as string

Property: pci_domain
Period: 1 day
Relevance:
  "Trust" as string

Property: is_expected
Period: 1 day
Relevance:
  "" as string

Property: should_timesync
Period: 1 day
Relevance:
  "" as string

Property: should_update
Period: 1 day
Relevance:
  "" as string

Property: requires_av
Period: 1 day
Relevance:
  "" as string
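The nt_host and mac properties above carry the only real logic in this analysis: prefer the host name the Splunk Universal Forwarder is configured to report under (the "host = " line of its local inputs.conf), fall back to the endpoint's computer name otherwise, and join multiple MAC addresses with "|". The following Python is an added example, not the analysis's own relevance, that reimplements that fallback chain and assembles a row in the column order of the ES assets lookup so the behaviour can be checked offline. It assumes the inputs.conf text and computer name are handed in as strings (the sample below is constructed), and it goes one step beyond the relevance by falling back to the computer name when no "host = " line exists at all, where the singular "line whose" in the relevance would instead raise an error.

```python
"""Build a Splunk ES assets-lookup row from the fields this analysis collects.

Added example, not the analysis's own relevance: it mirrors the nt_host
fallback chain and the "|"-joined mac field in Python.
"""
import csv
import io
from typing import Iterable, Optional

# Column order of the ES assets lookup; it matches the property names above.
ASSET_FIELDS = [
    "ip", "mac", "nt_host", "dns", "owner", "priority", "lat", "long", "city",
    "country", "bunit", "category", "pci_domain", "is_expected",
    "should_timesync", "should_update", "requires_av",
]

# The relevance only accepts a line that starts exactly with this prefix.
HOST_PREFIX = "host = "


def resolve_nt_host(inputs_conf: Optional[str], computer_name: str) -> str:
    """Mirror the nt_host relevance: prefer the forwarder's configured host.

    inputs_conf is the text of etc/system/local/inputs.conf under the
    forwarder install, or None when the forwarder or the file is absent.
    As in the relevance, the configured value is lower-cased; when it equals
    the computer name (case-insensitively) the computer name is returned
    unchanged. Assumption beyond the relevance: with no "host = " line we
    also fall back to computer name rather than failing.
    """
    if not inputs_conf:
        return computer_name
    for line in inputs_conf.splitlines():
        if line.startswith(HOST_PREFIX):
            # "substring after '= '" in relevance: everything past the first "= ".
            configured = line.split("= ", 1)[1].lower()
            if computer_name.lower() != configured:
                return configured
            return computer_name
    return computer_name


def join_macs(macs: Iterable[str]) -> str:
    """Concatenate MAC addresses with "|", as the mac relevance does."""
    return "|".join(macs)


def build_asset_row(ip: str, macs: Iterable[str], nt_host: str, dns: str = "") -> dict:
    """Assemble one assets-lookup row with the analysis's defaults:
    blank descriptive/policy fields and "Trust" for pci_domain."""
    row = {field: "" for field in ASSET_FIELDS}
    row.update(ip=ip, mac=join_macs(macs), nt_host=nt_host, dns=dns, pci_domain="Trust")
    return row


def to_csv(rows: Iterable[dict]) -> str:
    """Render rows as CSV text in assets-lookup column order, header first."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=ASSET_FIELDS, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow(row)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a host whose forwarder reports under a different
    # name than the OS computer name, so nt_host comes from inputs.conf.
    SAMPLE_INPUTS_CONF = "[default]\nhost = web01-prod\n"
    nt_host = resolve_nt_host(SAMPLE_INPUTS_CONF, "WEB01")
    row = build_asset_row(
        "10.0.0.5", ["00:11:22:33:44:55", "66:77:88:99:AA:BB"], nt_host, "web01.example.com"
    )
    print(to_csv([row]))
```

Running the module prints the header line followed by one row whose nt_host is "web01-prod" rather than "WEB01", which is the case the relevance is written to catch: an asset that Splunk indexes under the forwarder's configured host name would otherwise never match its ES asset entry.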

Relevance

Used in 86 fixlets and 88 analyses
Relevance:
  true
