Splunk Asset and Risk Intelligence (Splunk ARI) discovers and reports on risks affecting assets and identities. This risk discovery is performed in real-time, ensuring that risks can be quickly addressed, helping to limit exposure and increase overall security posture. In this post, we highlight three use cases related to asset risk using Splunk ARI.
Finding Asset and Identity Risk with Splunk Asset and Risk Intelligence (Discovered Intelligence, 2025-04-08)
Splunk Asset and Risk Intelligence (Splunk ARI) keeps track of asset and identity discovery activity over time. This activity supports investigations into who had which asset and when, and also provides insight into how assets changed over time and when they were first or last discovered. In this post, we highlight three use cases related to asset activity using Splunk ARI.
Reveal Asset and Identity Activity with Splunk Asset and Risk Intelligence (Discovered Intelligence, 2025-03-31)
Splunk Asset and Risk Intelligence (Splunk ARI) has powerful asset and identity investigative capabilities. Investigations help to reveal the full asset record, cybersecurity control gaps and any associated activity. In this post, we highlight three use cases related to asset investigations using Splunk ARI.
Investigating Assets and Identities with Splunk Asset and Risk Intelligence (Discovered Intelligence, 2025-03-25)
Splunk Asset and Risk Intelligence (Splunk ARI) continually discovers assets and identities. It does this using a patented approach that correlates data across multiple sources in real time. In this post, we highlight three use cases related to asset discovery using Splunk ARI.
Discovering Assets and Identities with Splunk Asset and Risk Intelligence (Discovered Intelligence, 2025-03-20)
Data protection is a critical priority for any organization, especially when handling sensitive information such as personally identifiable information (PII) and protected health information (PHI). Implementing robust protection mechanisms not only supports compliance with regulations such as the General Data Protection Regulation (GDPR) but also reduces the risk of data breaches.
Field Filters 101: The Basics You Need to Know (Carlos Moreno Buitrago, 2025-01-21)
If your Cribl environment was set up a few years ago, it might be time to revisit some of your settings—particularly the Persistent Queue (PQ) settings on your source inputs. Recently, while troubleshooting an issue, I discovered that the PQ settings were the root cause of the problem. I wanted to share my findings in case they help you optimize your Cribl setup.
Beyond Smart: When ‘Always On’ Mode is the Best Choice for Cribl Persistent Queues (Terry Mulligan, 2024-12-10)
Splunk Cloud Platform recently gained a new app export feature, which gives cloud admins a self-service capability to export app configuration files and their associated app data.
We had a recent request to create a Splunk alert that runs hourly with a time range from midnight UTC of the current date to the current time. This sounds like an easy request, but when you look into it, it is a bit more complicated than it seems.
Running a Splunk Search in a Different Time Zone (Darren Fuller, 2024-11-15)
Integrating Splunk Enterprise Security (ES) with Splunk Security Orchestration, Automation and Response (SOAR) can significantly enhance your organization’s security operations. By automating alert handling and response processes, this integration streamlines security incident management and enables faster, more effective threat mitigation. Splunk SOAR empowers security teams to automate actions based on Splunk ES detections using assigned playbooks, enabling seamless incident resolution.
Enhancing Security Operations: The Unified Integration of Splunk ES and SOAR (Heejoon Byun, 2024-09-30)
Have you ever wished you had a fresh ephemeral Splunk instance that you could quickly spin up, run some tests and then kill it, with maximum speed and minimum cloud costs?
Enter HashiCorp Terraform to the rescue. The industry-leading infrastructure-as-code tool makes the standup, setup and teardown of cloud compute nodes simple, fast and repeatable, so that an environment can be built, a complete set of tests run, results collected and the test nodes destroyed in minutes rather than hours.
In this whitepaper, I show how I set up my computer and built the Search Head and Deployment server, as well as how I set up the many Splunk Universal Forwarders to satisfy the test plan.
Setting Up a Splunk Testing Environment Using Terraform & GCP (Darren Fuller, 2024-09-09)