Posts

Finding Asset and Identity Risk with Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence (Splunk ARI) discovers and reports on risks affecting assets and identities. This risk discovery is performed in real time, so risks can be addressed quickly, helping to limit exposure and improve overall security posture. In this post, we highlight three use cases related to asset risk using Splunk ARI.

Field Filters 101: The Basics You Need to Know

Hello, Field Filters!

Data protection is a critical priority for any organization, especially when dealing with sensitive information such as personally identifiable information (PII) and protected health information (PHI). Implementing robust protection mechanisms not only ensures compliance with regulations like the General Data Protection Regulation (GDPR) but also mitigates the risk of data breaches.

Help Getting Started with Splunk Asset and Risk Intelligence (ARI)

With the recent release of Splunk Asset and Risk Intelligence (ARI), you may be looking for a better understanding of this great new solution and how you may get started. We have compiled a list of materials and resources you can use to help achieve this goal.

Read and Learn

Product overviews and briefs

If this is your first time reading up on Splunk Asset and Risk Intelligence, check these out first:

> Our Splunk Asset and Risk Intelligence overview
> Splunk Asset and Risk Intelligence web page
> Splunk Asset and Risk Intelligence Product Brief
> Splunk Asset and Risk Intelligence Technical Brief

Splunk Asset and Identity Intelligence E-book

Splunk has published an essential guide, which outlines several use cases to explore.

> Essential Guide to Continuous Asset and Identity Intelligence

Blog posts

Get a quick look at the Splunk ARI interface, with screenshots of the platform and information about its features and capabilities, through the following blog posts:

> Introducing Splunk Asset and Risk Intelligence
> Asset Discovery with Splunk Asset and Risk Intelligence
> Asset Investigations with Splunk Asset and Risk Intelligence
> Asset Activity with Splunk Asset and Risk Intelligence
> Asset Risk with Splunk Asset and Risk Intelligence
> Continuous, and Compliant: Obtain Proactive Insights with Splunk Asset and Risk Intelligence

Watch and Interact

Videos

> Splunk Asset and Risk Intelligence Intro video

Tours

> Take the Splunk Asset and Risk Intelligence Guided Tour

Demos

> Book a demo with Discovered Intelligence

Help and Support

Splunk Answers

Get answers from the community

> Splunk Answers – ARI

Splunk Documentation

Get specific instructions for tasks within the Splunk ARI platform by reviewing the documentation:

> Splunk Asset and Risk Intelligence Documentation

Splunk ARI Professional Services

It is often quicker, easier and more cost-effective to get the Splunk ARI experts in. Our award-winning consultants are highly trained on Splunk ARI and will ensure your continued success.

> Splunk ARI Quick Start Program
> Splunk ARI Professional Services

Contact Us

Contact us today to find out more about Splunk Asset and Risk Intelligence and how we can help you be successful.


Looking to expedite your success with Splunk ARI? Contact us today to discuss and get started.

© Discovered Intelligence Inc., 2024. Unauthorized use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.

Asset Risk with Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence (ARI) provides teams with detailed and powerful visibility into risks affecting discovered assets. This helps teams to quickly identify and address gaps in security controls, understand compliance with cybersecurity frameworks and offers greater context during security investigations.

Asset Activity with Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence (ARI) provides detailed insights into how active an asset has been over time. Instantly identify who had what asset and when, view any asset changes or even identify unusual asset activity within your network.

Asset Investigations with Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence (ARI) enables your team to quickly perform complete and thorough asset investigations. An interactive and holistic approach provides security teams with much needed context about assets, including asset health, network activity and associations.

Asset Discovery with Splunk Asset and Risk Intelligence

Splunk Asset and Risk Intelligence (ARI) continuously discovers all assets on the network using a unique approach that creates a single source of truth from multiple sources of record, resulting in comprehensive and accurate asset visibility and reporting.

Introducing Splunk Asset and Risk Intelligence

What is Splunk Asset and Risk Intelligence?

Splunk Asset and Risk Intelligence (ARI) is a powerful, premium application from Splunk which delivers proactive risk mitigation through continuous asset discovery and compliance monitoring.

Splunk Asset and Risk Intelligence – a CAASM Solution for Splunk

At the recent Splunk .conf in Las Vegas a couple of weeks ago, we were able to get a detailed demo of Splunk’s new and exciting Splunk Asset and Risk Intelligence (Splunk ARI) security solution. What a great solution and one that is much needed within their security solution portfolio. Splunk ARI falls into a category of products known as CAASM – Cyber Asset Attack Surface Management. In this post, we dive a little deeper into what CAASM is, why it is a critical tool for your organization and how Splunk ARI can help.

Save Time and Improve your Security Posture with Splunk Attack Range

The security posture of organizations is one of the most important factors year after year when it comes to defining internal strategies.

“Global cyberattacks increased by 38% in 2022 compared to 2021, with an average of 1168 weekly attacks per organization”

~ Check Point Research

The quote from Check Point Research above illustrates where the future trend of cybersecurity is headed and the challenges that organizations must face. However, anticipating and preparing the system defenses to evade and mitigate these attacks is not an easy task. From defining response and incident strategies to preparing work teams and configuring monitoring systems, it can all be a challenge.

Detecting and mitigating security attacks may not be your core business, but is it essential to achieving your objectives? Have you ever wondered how you can simulate attacks and detections within a controlled environment to validate the configuration of your detection systems without spending part of your annual security budget? Read on and discover Splunk Attack Range.

What is Splunk Attack Range?

Splunk Attack Range is a tool developed by the Splunk Threat Research Team (STRT) to simulate cyber attacks in a controlled environment for the purpose of improving an organization’s security posture. It allows security teams to test and validate their detection and response capabilities against a wide range of attack scenarios and techniques, such as phishing, malware infections, lateral movement, and data exfiltration.

Splunk Attack Range is designed to work with Splunk Enterprise Security, a security information and event management (SIEM) solution, and includes pre-built attack scenarios that are aligned with the MITRE ATT&CK framework. These scenarios can be customized to simulate the specific threats and vulnerabilities that are relevant to an organization’s environment.

Where can I get Attack Range?

The STRT and the Splunk community maintain the project on GitHub.

Is Splunk Attack Range Easy to Deploy?

Yes, it is really straightforward! You can deploy it locally (if you have a powerful machine), on Azure or on AWS. Internally, we use our AWS environment and with a few simple steps, in a matter of minutes, Terraform and Ansible automatically deploy a complete test lab to validate our customers’ security configurations and optimize the security posture with Splunk’s real-time monitoring. This process allows for a proactive approach to managing security postures with Splunk and saves a lot of time for your Blue Team.

…and now?

Have fun! By merging our Splunk expertise and using these kinds of automation tools, we have been able to speed up our internal testing processes, stay agile and secure with Splunk’s security posture management tool, and transfer this knowledge and configurations on to our customers’ cybersecurity teams.

We strongly encourage you to try this tool. Check out an overview of v1.0, v2.0 and v3.0 in the Splunk blog.


Looking to expedite your success with Splunk Attack Range? Click here to view our Splunk Professional Service offerings.

© Discovered Intelligence Inc., 2023. Unauthorised use and/or duplication of this material without express and written permission from this site’s owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Discovered Intelligence, with appropriate and specific direction (i.e. a linked URL) to this original content.