Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

What defines an asset priority?

daniel333
Builder
‎10-21-2016 01:52 PM

All,

I am setting up asset center in Splunk ES/PCI. The idea of an Asset priority is sorta vague. Is it left that way on purpose? For me to define?

"Example: Must be one of unknown, informational, low, medium, high, or critical"

Reply

gokadroid
Motivator
‎10-21-2016 08:25 PM

To answer asset priority in simple terms, it means which asset's event will be prioritized if an (similar severity) event occurred at the same time on two assets. Straight from the docs is this:

The priority field (high) is combined with the severity of the search to create the urgency for the notable event.

http://docs.splunk.com/Documentation/PCI/3.2.0/User/AssetManagement#How_asset_fields_are_used

Prioritization. The same type of events on two different systems may not deserve the same level of attention; a medium severity event against a desktop machine is less urgent than the same issue against an externally facing web-server that processes credit card information. Asset management allows an urgency to be computed based on the priority of hosts and assign higher urgency to high priority assets.

http://docs.splunk.com/Documentation/PCI/3.2.0/User/AssetManagement

Reply

kevin8
New Member
‎09-26-2023 11:59 AM

What about the 3rd dimension, risk? Seems fair to make 3 for urgency.

0 Karma
Reply

sdaniels
Splunk Employee
Splunk Employee
‎10-21-2016 02:01 PM

The severity of the event and the priority of the host are combined to generate the urgency of an event. That is what is built into the system. Users desktop less important than server, which is less important than a critical app server etc... You get to assign your priorities based on what is important to your environment.

http://docs.splunk.com/Documentation/PCI/3.2.0/User/AssetManagement

alt text

Preview file
293 KB
Reply

daniel333
Builder
‎10-21-2016 03:02 PM

Hey, thanks for replying. I guess what I am looking for is what defines an asset priority?

0 Karma
Reply

mshill24
Engager
‎04-03-2018 12:29 PM

I have the same/a similar question: How do you change an Asset's priority? I have a bunch of Assets, but they are all medium priority. I want to start changing the priority of some Assets to High and Critical... How do I do this?

0 Karma
Reply

vr2312
Builder
‎09-04-2023 07:19 PM

You can do that by clicking the Assets and Identity lookups and follow the hyperlink under the source tab. That will redirect it to the contents of the lookup where you can click on the field and edit it.

0 Karma
Reply

gokadroid
Motivator
‎10-21-2016 10:23 PM

Asset priority , if required specifically, as per your comment is defined in answer I have provided.

0 Karma
Reply
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey


Introducing Unified TDIR with the New Enterprise Security 8.2

Read the blog
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...