Benefits
- Expedite deployment and configuration following best practices
- Metrics designed to meet your security controls
- Enrichment and risk rules designed to fit your business
- Knowledge transfer to ensure continued success
Contact Us
Splunk Asset and Risk Intelligence Quick Start
Splunk Asset and Risk Intelligence (ARI) provides proactive risk mitigation through continuous asset discovery and compliance monitoring.
Our Splunk Asset and Risk Intelligence Quick Start offering is the best way to expedite your implementation of Splunk ARI and ensure that it meets and exceeds your organizational goals and objectives.
Our team of subject matter experts will work with you to configure and tailor Splunk ARI to your business requirements, ensuring you are successful from the start and setting you up for continued success.
Timing
Day 1: Installation & Configuration
Data source configuration
Metric configuration
Integration with Enterprise Security (if applicable)
User and Administrator knowledge transfer
⇩
Day 2 (Scheduled one week after Day 1)
Configuration of asset enrichment rules
Configuration of asset risk rules
Tuning of data sources and metrics
User and Administrator knowledge transfer
⇩
Day 3 (Scheduled one month after Day 2)
Tuning of data sources
Tuning of metrics
Tuning of enrichment and risk rules
User and Administrator knowledge transfer
Scope
INCLUDED | DETAILS |
---|---|
Data sources | Configuration of up to 7 data sources |
Metrics | Configuration of up to 5 metrics |
Rules | Configuration of up to 5 asset enrichment rules Configuration of up to 3 asset risk rules |
Frameworks | Configuration of up to 2 known (out-of-the-box) cybersecurity frameworks |
Integration | Integration with Enterprise Security (if applicable) |
Prerequisites
- Splunk ARI application installed and available
- Data sources identified and onboarded in Splunk
- Data sources should be CIM compliant
- Company subnet inventory (if available) for configuration with ARI
- Company user directory available for configuration within ARI
- Relevant contextual information on assets (e.g. naming conventions)
- Consultant access provisioned
Out of Scope
- Custom metrics or metric report creation
- ARI Echo implementation and configuration
- Third-party CMDB integration (e.g. ServiceNow)