Solved: How to generate a lookup to dynamically add Active...

vaibhavladani · ‎01-20-2016

Can any one help me in generating a lookup to dynamically add the Active Directory to the Splunk Enterprise Security - Assets and Identity list? Had worked out for the the Identity part, but it will help if any one can give me some examples regarding the lookup for Assets from Active Directory.

hire_vladimir · ‎01-20-2016

see https://splunkbase.splunk.com/app/2976/

it contains example of pulling AD assets, among other things, and integration into ES.

View solution in original post

hire_vladimir · ‎01-20-2016

see https://splunkbase.splunk.com/app/2976/

it contains example of pulling AD assets, among other things, and integration into ES.

vaibhavladani · ‎01-21-2016

Hi hire_vladmir tried this SA-IdentityAssetExtraction app and it worked, I was able to get the list of Identities and Assets from my Active Directory which now I will be able to add under ES.
Thanks really appreciate your help.

javiergn · ‎01-20-2016

Hi,

I'm not an ES expert and don't have any ES instance to test this but if you write a quick script in PowerShell and schedule it to export all your assets into a csv file every day (hour, week, whatever) using the Get-ADComputer cmdlet and then configure ES to read from that CSV file and populate your list of assets from there, will that not work for you?

Thanks,
J

How to generate a lookup to dynamically add Active Directory to the Splunk Enterprise Security - Assets and Identity list?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!

Join the Conversation

How to generate a lookup to dynamically add Active Directory to the Splunk Enterprise Security - Assets and Identity list?

Splunk Search APIを使えば調査過程が残せます

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Congratulations to the 2025-2026 SplunkTrust!