Finding Asset and Identity Risk with Splunk Asset and Risk Intelligence

/in , , , , , /by

Splunk Asset and Risk Intelligence (Splunk ARI) discovers and reports on risks affecting assets and identities. This risk discovery is performed in real-time, ensuring that risks can be quickly addressed, helping to limit exposure and increase overall security posture. In this post, we highlight three use cases related to asset risk using Splunk ARI.

Discover endpoint security agent gaps

Are you sure every workstation and server asset in your organization has endpoint security deployed and running? Splunk ARI will discover all your assets, including the ones you do not know about, then report on compliance against all your cybersecurity controls. A metric can be quickly created to identify all discovered assets that do not have endpoint security agents deployed. Agents can then be deployed to these non-compliant assets, to address the control gap and reduce risk.

Discover executive owned assets with high risks

Wondering how secure the assets used by your executives actually are? The risk rule functionality of Splunk ARI makes this task simple by assigning scores to your riskiest assets. For example, you could easily create a rule that identifies executive used assets, without endpoint security, with critical or high vulnerabilities, and then assign a risk score to them. Assets with risks can be reported on and displayed during investigations. The risk score for an asset can also be used as a risk factor in Splunk Enterprise Security.

Measure compliance with NIST cybersecurity frameworks

Governed by specific cybersecurity frameworks and spending hours trying to demonstrate compliance? ARI automatically maps asset and identity metrics against relevant controls in both standard or your business-specific cybersecurity frameworks. Many common frameworks, such as NIST CSF, are included each framework has a dedicated report that can be filtered. The NIST CSF report below shows the Splunk ARI metrics mapped to individual controls in the NIST CSF. No manual entry is needed – all metrics in Splunk ARI are automatically calculated.

More from this series:

Looking to find out more about Splunk Asset and Risk Intelligence? Contact us today for a demo and information about our Splunk ARI professional services.

© Discovered Intelligence Inc., 2025. Unauthorized use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

You might also like
default account discoverySplunk and the Internet of Things (IoT)
Enhancing Security Operations: The Unified Integration of Splunk ES and SOAR
Aura Asset IntelligenceIntroducing Aura Asset Intelligence
default account discoveryHow to Create a Splunk KV Store State Table or Lookup in 10 Simple Steps
default account discoveryTeam DI wins big at Splunk Conf 2014
SpamPredict Spam Using Machine Learning Classification
Help Getting Started with Splunk Asset and Risk Intelligence (ARI)
default account discoveryDiscovering Assets and Identities with Splunk Asset and Risk Intelligence