Splunk Enterprise Security - Asset Lookup Fields
Versioning - This is the latest version.

Version | Title | Date
1 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 7:25:35 AM
2 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 7:39:23 AM
3 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 7:44:06 AM
4 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 8:04:01 AM
5 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 8:08:06 AM
6 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 9:47:51 AM
7 | Splunk Enterprise Security - Asset Lookup Fields | 4/11/2018 9:56:52 AM
8 | Splunk Enterprise Security - Asset Lookup Fields | 4/19/2018 5:58:43 AM
9 | Splunk Enterprise Security - Asset Lookup Fields | 4/20/2018 8:09:38 AM
10 | Splunk Enterprise Security - Asset Lookup Fields | 5/7/2018 1:15:54 PM
11 | Splunk Enterprise Security - Asset Lookup Fields | 5/7/2018 1:22:25 PM

Description

Used to generate the asset fields for the assets lookup for Splunk Enterprise Security. Please reference the Splunk Enterprise Security documentation on formatting evaluations for additional information for your environment.

Property Details

ID: 2998592
Status: Beta - Preliminary testing ready for more
Title: Splunk Enterprise Security - Asset Lookup Fields
Domain: BESC
Keywords: splunk enterprise security assets csv
Added by on 5/7/2018 1:22:25 PM
Last Modified by on 5/7/2018 1:22:25 PM
Counters: 528 Views / 1 Download

Properties

ES_ip
Period 1 day
registration address of client
ES_mac
Period 1 day
if windows of operating system then concatenation "|" of (mac addresses of adapters of network) else if not windows of operating system then concatenation "|" of ((mac address of it as string) of ip interfaces whose (not loopback of it AND exists mac address of it) of network) else ""
ES_nt_host
Period 1 day
if windows of operating system then
  if exists folder "C:\Program Files\SplunkUniversalForwarder" then
    if exists file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" then
      if NOT (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase) then
        substring after "= " of line whose (it starts with "host = ") of file "C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf" as lowercase
      else computer name
    else computer name
  else computer name
else
  if exists folder "/opt/splunkforwarder" then
    if exists file "/opt/splunkforwarder/etc/system/local/inputs.conf" then
      if NOT (computer name as lowercase is substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase) then
        substring after "= " of line whose (it starts with "host = ") of file "/opt/splunkforwarder/etc/system/local/inputs.conf" as lowercase
      else computer name
    else computer name
  else computer name
ES_dns
Period 1 day
if ( exists true whose (if true then exists dns name else false) ) then dns name else ""

Relevance

Used in 79 fixlets and 86 analyses
true
