Splunk Enterprise Security - Asset Lookup Fields - superseded

Versioning - This is an older version.

1. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 7:25:35 AM
2. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 7:39:23 AM
3. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 7:44:06 AM
4. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 8:04:01 AM
5. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 8:08:06 AM
6. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 9:47:51 AM
7. Splunk Enterprise Security - Asset Lookup Fields, 4/11/2018 9:56:52 AM
8. Splunk Enterprise Security - Asset Lookup Fields, 4/19/2018 5:58:43 AM
9. Splunk Enterprise Security - Asset Lookup Fields, 4/20/2018 8:09:38 AM
10. Splunk Enterprise Security - Asset Lookup Fields, 5/7/2018 1:15:54 PM
11. Splunk Enterprise Security - Asset Lookup Fields, 5/7/2018 1:22:25 PM

Description

Used to generate the asset fields for the assets lookup in Splunk Enterprise Security. Please refer to the Splunk Enterprise Security documentation on formatting evaluations for additional information specific to your environment.

Property Details

ID: 2998589
Status: Beta - Preliminary testing ready for more
Title: Splunk Enterprise Security - Asset Lookup Fields
Domain: BESC
Keywords: splunk enterprise security assets csv
Added by on 4/19/2018 5:58:43 AM
Last Modified by on 4/19/2018 5:58:43 AM
Counters 329 Views / 1 Download

Properties

ES_ip
Period 1 day
  * Results in a true/false
Relevance:
registration address of client

ES_mac
Period 1 day
  * Results in a true/false
Relevance:
if windows of operating system then
  concatenation "|" of (mac addresses of adapters of network)
else if not windows of operating system then
  concatenation "|" of ((mac address of it as string) of ip interfaces whose (not loopback of it AND exists mac address of it) of network)
else ""

ES_nt_host
Period 1 day
  * Results in a true/false
Relevance:
if windows of operating system then
  if exists folder "C:\Program Files\SplunkUniversalForwarder" then
    if exists file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" then
      if NOT (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase) then
        substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase
      else computer name
    else computer name
  else computer name
else
  if exists folder "/opt/splunkforwarder" then
    if exists file "/opt/splunkforwarder/etc/system/local/inputs.conf" then
      if NOT (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase) then
        substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase
      else computer name
    else computer name
  else computer name

ES_dns
Period 1 day
  * Results in a true/false
Relevance:
if ( exists true whose (if true then exists dns name else false) ) then dns name else ""

ES_owner
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_priority
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_lat
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_long
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_city
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_country
Period 1 hour
  * Results in a true/false
Relevance:
"" as string

ES_bunit
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_category
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_pci_domain
Period 1 day
  * Results in a true/false
Relevance:
"Trust" as string

ES_is_expected
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_should_timesync
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_should_update
Period 1 day
  * Results in a true/false
Relevance:
"" as string

ES_requires_av
Period 1 day
  * Results in a true/false
Relevance:
"" as string

Relevance

Used in 81 fixlets and 86 analyses
  * Results in a true/false
true
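
The Python below is an added illustration, not part of this BES file or of Splunk's own tooling: it mirrors the ES_nt_host host-override logic and turns one endpoint's ES_* analysis results into a row of the assets lookup, normalising the "|"-joined multivalues the ES_mac relevance produces. It assumes that each property name minus its ES_ prefix is the matching Splunk ES assets lookup column, and its sample endpoint data is constructed; resolve_nt_host goes beyond the relevance by falling back to the computer name when inputs.conf has no "host = " line or more than one, where the relevance would evaluate to an error.

```python
import csv
import io

# Assumed mapping: each ES_* property name above, minus the "ES_" prefix, is a
# column of the Splunk ES assets lookup.
ASSET_COLUMNS = ["ip", "mac", "nt_host", "dns", "owner", "priority", "lat", "long",
                 "city", "country", "bunit", "category", "pci_domain", "is_expected",
                 "should_timesync", "should_update", "requires_av"]
MULTIVALUE = {"ip", "mac", "nt_host", "dns"}  # ES takes several values joined by "|"

def resolve_nt_host(computer_name, inputs_conf):
    # Mirrors ES_nt_host: prefer the forwarder's "host = " override when it differs
    # from the computer name. Goes beyond the relevance: a missing or repeated
    # "host = " line falls back to the computer name instead of an error.
    lines = (inputs_conf or "").splitlines()
    overrides = [ln.split("= ", 1)[1].strip().lower() for ln in lines if ln.startswith("host = ")]
    if len(overrides) == 1 and overrides[0] and overrides[0] != computer_name.lower():
        return overrides[0]
    return computer_name

def build_asset_row(props):
    # One endpoint's ES_* results become one lookup row. Pipe-joined values are
    # split, empty items dropped and duplicates removed (order kept).
    row = {}
    for col in ASSET_COLUMNS:
        raw = (props.get("ES_" + col) or "").strip()
        if col in MULTIVALUE:
            seen = []
            for item in (s.strip() for s in raw.split("|")):
                if item and item not in seen:
                    seen.append(item)
            raw = "|".join(seen)
        row[col] = raw
    return row

def write_assets_csv(rows):
    # Render rows as the assets.csv text Splunk ES ingests, header line first.
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=ASSET_COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

# Constructed sample: what the analysis would report for one Linux endpoint,
# including a duplicated MAC and a trailing "|" from the concatenation.
SAMPLE_PROPS = {"ES_ip": "10.20.30.40",
                "ES_mac": "00:11:22:33:44:55|00:11:22:33:44:55|",
                "ES_nt_host": resolve_nt_host("lnx01", "[default]\nhost = web-prod-01\n"),
                "ES_dns": "lnx01.corp.example", "ES_pci_domain": "Trust"}
```

Calling write_assets_csv([build_asset_row(SAMPLE_PROPS)]) yields the header line followed by one row in which the empty ES_* properties appear as empty columns.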
