Splunk Asset and Risk Intelligence (Splunk ARI) discovers and reports on risks affecting assets and identities. This risk discovery is performed in real-time, ensuring that risks can be quickly addressed, helping to limit exposure and increase overall security posture. In this post, we highlight three use cases related to asset risk using Splunk ARI.
Read more
Splunk Asset and Risk Intelligence (Splunk ARI) keeps track asset and identity discovery activity over time. This activity supports investigations into who had what asset and when, in addition to providing insights about asset changes over time and when they were first or last discovered. In this post, we highlight three use cases related to asset activity using Splunk ARI.
Read more
Splunk Asset and Risk Intelligence (Splunk ARI) has powerful asset and identity investigative capabilities. Investigations help to reveal the full asset record, cybersecurity control gaps and any associated activity. In this post, we highlight three use cases related to asset investigations using Splunk ARI.
Read more
Splunk Asset and Risk Intelligence (Splunk ARI) continually discovers assets and identities. It does this using a patented approach that correlates data across mulitple sources in real-time. In this post, we highlight three use cases related to asset discovery using Splunk ARI.
Read more
Data protection is a critical priority for any organization, especially when dealing with sensitive information like personal identifiable information (PII) and protected health information (PHI) data. Implementing robust protection mechanisms not only ensures compliance with regulations like the General Data Protection Regulation (GDPR) but also mitigates the risk of data breaches.
Read more
One recurring challenge in managing cloud environments is the tendency for lab and development instances to remain active long after they’re needed. While it might seem like a small oversight, the impact can be significant. These idle instances rack up unnecessary costs, drain valuable resources, and open the door to security vulnerabilities. Configuring effective monitoring to notify about the running instances is a good way to address this problem.
Read more
If your Cribl environment was set up a few years ago, it might be time to revisit some of your settings—particularly the Persistent Queue (PQ) settings on your source inputs. Recently, while troubleshooting an issue, I discovered that the PQ settings were the root cause of the problem. I wanted to share my findings in case they help you optimize your Cribl setup.
Read more
With the recent release of Splunk Asset and Risk Intelligence (ARI), you may be looking for a better understanding of this great new solution and how you may get started. We have compiled a list of materials and resources you can use to help achieve this goal.
If this is your first time reading up on Splunk Asset and Risk Intelligence, check these out first:
> Our Splunk Asset and Risk Intelligence overview
> Splunk Asset and Risk Intelligence web page
> Splunk Asset and Risk Intelligence Product Brief
> Splunk Asset and Risk Intelligence Technical Brief
Splunk has published an essential guide, which outlines several use cases to explore.
> Essential Guide to Continuous Asset and Identity Intelligence
Get a quick look at the Splunk ARI interface with screen shots of the platform, along with information about its features and capabilities through the following blog posts:
> Introducing Splunk Asset and Risk Intelligence
> Asset Discovery with Splunk Asset and Risk Intelligence
> Asset Investigations with Splunk Asset and Risk Intelligence
> Asset Activity with Splunk Asset and Risk Intelligence
> Asset Risk with Splunk Asset and Risk Intelligence
> Continuous, and Compliant: Obtain Proactive Insights with Splunk Asset and Risk Intelligence
> Splunk Asset and Risk Intelligence Intro video
> Take the Splunk Asset and Risk Intelligence Guided Tour
> Book a demo with Discovered Intelligence
Get answers from the community
Get specific instructions for tasks within the Splunk ARI platform by reviewing the documentation:
> Splunk Asset and Risk Intelligence Documentation
It is often quicker, easier and more cost effective to get the Splunk ARI experts in. Our award winning consultants are highly trained on Splunk ARI and will ensure your continued success.
> Splunk ARI Quick Start Program
> Splunk ARI Professional Services
Contact us today to find out more about Splunk Asset and Risk Intelligence and how we can help you be successful.
Looking to expedite your success with Splunk ARI? Contact us today to discuss and get started.
© Discovered Intelligence Inc., 2024. Unauthorized use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.
Splunk Cloud Platform recently got an exciting new feature, it’s the new app export feature which provides cloud admins self-service capability to export app configuration files and associated app data.
Read more
We had a recent request to create a Splunk alert that runs hourly with a time range of midnight UTC of current date to current time. This sounds like an easy request, but when you look into it it’s a bit more complicated than it seems.
Read more