Solved: How to generate a lookup to dynamically add Active...

vaibhavladani · ‎01-20-2016

Can any one help me in generating a lookup to dynamically add the Active Directory to the Splunk Enterprise Security - Assets and Identity list? Had worked out for the the Identity part, but it will help if any one can give me some examples regarding the lookup for Assets from Active Directory.

hire_vladimir · ‎01-20-2016

see https://splunkbase.splunk.com/app/2976/

it contains example of pulling AD assets, among other things, and integration into ES.

View solution in original post

hire_vladimir · ‎01-20-2016

see https://splunkbase.splunk.com/app/2976/

it contains example of pulling AD assets, among other things, and integration into ES.

vaibhavladani · ‎01-21-2016

Hi hire_vladmir tried this SA-IdentityAssetExtraction app and it worked, I was able to get the list of Identities and Assets from my Active Directory which now I will be able to add under ES.
Thanks really appreciate your help.

javiergn · ‎01-20-2016

Hi,

I'm not an ES expert and don't have any ES instance to test this but if you write a quick script in PowerShell and schedule it to export all your assets into a csv file every day (hour, week, whatever) using the Get-ADComputer cmdlet and then configure ES to read from that CSV file and populate your list of assets from there, will that not work for you?

Thanks,
J

How to generate a lookup to dynamically add Active Directory to the Splunk Enterprise Security - Assets and Identity list?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?