Splunk Enterprise Security

Splunk ES Assets and identity setup


Hi, has anyone worked with Assets and identity from Splunk Enterprise Security?

I already have the App "Splunk Supporting Add-on for Active Directory" installed.

From the app I do connection tests and they are successful, but when I enter Splunk ES I do not see Assets and Identity information.

What should I check?








Yes, that is what I need, but it is not very clear to me. I need support from someone who can guide me, since the documentation is not very clear.

At this moment I know that I must enter the tab "Data on Boarding"


but it is not clear to me that I must fill out the form.






One approach you could follow:

1. Using the LDAP/AD add-on that you have, pull all the required fields for asset and identity onto a temp index.

2. Using the events from temp index, create, format and validate the fields and create required lookups.

3. Update asset/identity inputs/macros to your custom lookups.
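
The format-and-validate step of the approach above, sketched outside Splunk as an added example (not part of the original answer and not Splunk's own code). The column order follows Splunk's documented ES identity list format; the AD attribute names taken as input, the `adminCount` to priority mapping and the sample records are assumptions constructed for illustration.

```python
import csv
import io
# Identity lookup columns, in the order Splunk documents for ES identity lists.
IDENTITY_HEADER = ["identity", "prefix", "nick", "first", "last", "suffix", "email",
                   "phone", "phone2", "managedBy", "priority", "bunit", "category",
                   "watchlist", "startDate", "endDate", "work_city", "work_country",
                   "work_lat", "work_long"]

# Constructed sample: AD user records as they might be exported from the temp index.
SAMPLE_AD_EVENTS = [
    {"sAMAccountName": "jdoe", "mail": "jdoe@example.com", "givenName": "John",
     "sn": "Doe", "department": "Finance", "l": "Lima", "co": "Peru", "adminCount": "1"},
    {"sAMAccountName": "asmith", "givenName": "Ana", "sn": "Smith", "department": "IT"},
    {"sAMAccountName": "", "mail": "orphan@example.com"},    # no account name
    {"sAMAccountName": "JDOE", "mail": "jdoe@example.com"},  # duplicate of jdoe
]

def to_identity_row(ev):
    """Map one AD record to an identity row, or None if it has no account name."""
    sam = ev.get("sAMAccountName", "").strip().lower()
    if not sam:
        return None
    mail = ev.get("mail", "").strip().lower()
    row = dict.fromkeys(IDENTITY_HEADER, "")
    # identity is a pipe-delimited list of every string that refers to this user
    row["identity"] = "|".join(k for k in (sam, mail) if k)
    row.update(first=ev.get("givenName", ""), last=ev.get("sn", ""), email=mail,
               bunit=ev.get("department", ""), work_city=ev.get("l", ""),
               work_country=ev.get("co", ""))
    # Assumption: adminCount=1 marks a privileged account and raises its priority
    priv = ev.get("adminCount") == "1"
    row["priority"], row["category"] = ("high", "privileged") if priv else ("medium", "")
    return row

def build_identity_lookup(events):
    """Return (csv_text, rejected); rejects records with no or duplicate account."""
    accepted, rejected = {}, []
    for ev in events:
        row = to_identity_row(ev)
        key = row["identity"].split("|")[0] if row else None
        if key is None or key in accepted:
            rejected.append(ev)
        else:
            accepted[key] = row
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=IDENTITY_HEADER, lineterminator="\n")
    writer.writeheader()
    writer.writerows(accepted.values())
    return buf.getvalue(), rejected
```

The returned CSV text is what would be saved as the custom lookup file referenced in step 3; the rejected list shows which source records need fixing in AD before they can be correlated.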








Thanks for your answer. Because there is no more specific documentation on what values I could put in that form, could you give me an example of how to fill in those fields?
