asset investigation activity

Investigating Assets and Identities with Splunk Asset and Risk Intelligence

/in , , , /by

Splunk Asset and Risk Intelligence (Splunk ARI) has powerful asset and identity investigative capabilities. Investigations help to reveal the full asset record, cybersecurity control gaps and any associated activity. In this post, we highlight three use cases related to asset investigations using Splunk ARI.

Perform an instant asset investigation

Performing a security investigation and looking for more context into your assets to make smarter and faster decisions? Investigating assets by hostname, MAC or IP address can be performed instantly from the Asset investigation view, which provides detailed information about the asset under investigation in one place. This includes insights such as whether the asset has any cybersecurity control gaps, the first and last time seen, the location, the full asset record and the data sources used by Splunk ARI to discover the asset.

Identify asset associations and activity

Spending hours trying to figure out the users or IP addresses associated with an asset? This is a common task during security investigations and are questions that Splunk ARI can answer instantly, saving significant effort and time. The Activity tab of the Asset investigation view provides detailed information on identities, MAC and IP addresses associated with the asset under investigation, over a selected time range. This includes first and last time associated, along with detailed detection activity over time. Full drill-down capability allows for further investigation, such as an investigation into an associated identity.

Investigate IPs by subnet

Are you investigating a random IP, but have no clue where on your network it is from? The IP subnet investigation view allows for partial or full IP addresses to be investigated and displays insights about related subnets and assets discovered within them. This includes information about all discoved subnets, their network locations and the discovered assets and types within them. This provides a huge amount of essential context and understanding to your investigations.

More from this series:

Looking to find out more about Splunk Asset and Risk Intelligence? Contact us today for a demo and information about our Splunk ARI professional services.

© Discovered Intelligence Inc., 2025. Unauthorized use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

You might also like
splunk attack rangeSave Time and Improve your Security Posture with Splunk Attack Range
Asset Investigations with Splunk Asset and Risk Intelligence
splunk saved searchRunning a Splunk Search in a Different Time Zone
Harnessing Ingest-Time Eval Fields
Splunk asset and risk intelligenceMaster your Operational Data, with the Splunk Operational Intelligence Cookbook
Splunk asset and risk intelligenceNorthern Enlightenment – Splunking Canadian Weather Extremes
ChatGPT and SPL: A Dynamic Duo for Learning Splunk’s Query Language
Splunk asset and risk intelligenceIntroducing Splunk Asset and Risk Intelligence