Data collected by the Splunk Add-on for Asset and Risk Intelligence (2024)

The Splunk Add-on for Asset and Risk Intelligence collects asset-relevant information using scripted inputs. The inputs run at different frequencies. For example, the add-on collects network data more frequently than system data because system data changes less frequently.

The following table describes the types of data collected by the Splunk Add-on for Asset and Risk Intelligence:

| Type | Description | Data source fields | Sourcetype |
|---|---|---|---|
| System | Includes system information from assets. The fields collected depend on the operating system. | nt_host, os, os_version, os_build, os_vendor, os_configuration, os_build_type, os_install_date, windows_directory, system_directory, system_boot_time, boot_device, registered_user, virtual_mem, processor, cpu_cores, cpu_mhz, domain, mem, system_type, available_memory, available_virtual_memory, serial, vendor, bios_version, product, model_identifier, chip, system_firmware_version, os_loader_version, hardware_uuid, provisioning_udid, kernel_version, boot_volume, boot_mode, secure_virtual_memory, system_integrity_protection, time_since_boot | ari_ta:asset |
| Network | Includes network information from assets, including IP addresses and MAC addresses. | mac, ip, ip_translated | ari_ta:asset |
| User | Includes information about the last user associated with the asset. | user_id, account_active, last_logon, session | ari_ta:asset |
| Encryption | Includes encryption data from Windows (BitLocker) and Mac (FileVault). | bitLocker_version, encryption_method, volume_label, volume_letter, volume_type, drive_type, size, protection_status, conversion_status, fde_encrypted=1 fde_version, activation_lock_status | ari_ta:asset |
| Software | Includes the software vendor, product, and version. Not currently available for Linux. | install_date, install_location, ari_software_product, ari_software_vendor, ari_software_version | ari_ta:software |

Last modified on 05 August, 2024


This documentation applies to the following versions of Splunk® Add-on for Asset and Risk Intelligence: 1.0.0

Author: Dean Jakubowski Ret
