All Apps and Add-ons

Splunk for Asset Discovery: How Can I get the MAC address?

rbacon
Path Finder

After trying several NMAP command line options, including "nmap -A", it appears that Asset Discovery script does not capture the MAC address of scanned machines on the network. How can I get it using this Splunk App?

Thanks!

0 Karma
1 Solution

mw
Splunk Employee
Splunk Employee

The app scripted input injects a -oG argument in order to force greppable output format. Unfortunately, that output format doesn't support outputting Mac addresses (for whatever reason). So, you'd need to modify the script and then create the necessary configs to deal with the other format. Certainly all possible, but at that point there's not a ton of use for this particular app.

View solution in original post

bbiandov
Path Finder

I've been struggling with this too so guess what sludgy way of solving this worked for me 🙂

cron job: LOL

*/5 * * * * /usr/bin/snmpbulkwalk -v 2c -c public@1 -OXsq 192.168.248.5 .1.3.6.1.2.1.17.4.3.1.2 >> /home/splunk/vlan1.txt

Then monitor the log via the universal splunk forwarded and that's how the data gets into splunk. Sad I know ...

0 Karma

mw
Splunk Employee
Splunk Employee

The app scripted input injects a -oG argument in order to force greppable output format. Unfortunately, that output format doesn't support outputting Mac addresses (for whatever reason). So, you'd need to modify the script and then create the necessary configs to deal with the other format. Certainly all possible, but at that point there's not a ton of use for this particular app.

Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...