All Apps and Add-ons

What defines an asset priority?

Builder

All,

I am setting up asset center in Splunk ES/PCI. The idea of an Asset priority is sorta vague. Is it left that way on purpose? For me to define?

"Example: Must be one of unknown, informational, low, medium, high, or critical"

Motivator

To answer asset priority in simple terms, it means which asset's event will be prioritized if an (similar severity) event occurred at the same time on two assets. Straight from the docs is this:

The priority field (high) is combined with the severity of the search to create the urgency for the notable event.

http://docs.splunk.com/Documentation/PCI/3.2.0/User/AssetManagement#How_asset_fields_are_used

Prioritization. The same type of events on two different systems may not deserve the same level of attention; a medium severity event against a desktop machine is less urgent than the same issue against an externally facing web-server that processes credit card information. Asset management allows an urgency to be computed based on the priority of hosts and assign higher urgency to high priority assets.

http://docs.splunk.com/Documentation/PCI/3.2.0/User/AssetManagement

Splunk Employee
Splunk Employee

The severity of the event and the priority of the host are combined to generate the urgency of an event. That is what is built into the system. Users desktop less important than server, which is less important than a critical app server etc... You get to assign your priorities based on what is important to your environment.

http://docs.splunk.com/Documentation/PCI/3.2.0/User/AssetManagement

alt text

Builder

Hey, thanks for replying. I guess what I am looking for is what defines an asset priority?

0 Karma

Engager

I have the same/a similar question: How do you change an Asset's priority? I have a bunch of Assets, but they are all medium priority. I want to start changing the priority of some Assets to High and Critical... How do I do this?

0 Karma

Motivator

Asset priority , if required specifically, as per your comment is defined in answer I have provided.

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!