I have a large organization and a dashboard to handle all enterprise scan data for one of our scan tools. We have all scan data assigned to a project name (we have hundreds of project names). How do I create a process where I can populate a list to Splunk daily with the Active Directory Security group name mapping to a project name. I have a single dashboard (cannot create multiple dashboards or indexes for this) and I have a drop-down box that has a list of projects. I want my users to be able to access the dashboard but only be able to filter for the apps that they are a member of through the Active Directory security groups list. My goal is a scenario where the scan team can maintain their own access to the scan data in the dashboard without making Splunk Admins do programming every time there's an addition or change to the list. I also want to ensure projects don't see scan results for other projects. We scan thousands of systems, so it is not an option to create multiple dashboards or indexes for this data.
Thank you so much for your time. 🙂