Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a dashboard that runs searches against a CSV of devices in our subnet to display new/unauthorized devices?

crossap
Path Finder
‎03-25-2015 03:09 AM

Hi,

Sorry I am sure this is a noob question, but I am struggling after searching to find the best way to obtain the results I require.

I am in the process of trying to create a dashboard to meet the SANS 20 requirements and have been using http://www.splunk.com/web_assets/pdfs/secure/Splunk-and-the-SANS-Top-20-Critical-Security-Controls.p... to find the best way to meet each control.

Currently I am working on unauthorized devices and have setup asset discovery to scan our subnet which is fine. What I would like to do it to create a CSV or something else that the NMAP results are compared to and then display any devices that are not on the list. This will allow us to have easy visibility of new devices.

At the moment there is no asset DB/system and the CSV would be a manual process until an asset DB is purchased.

Any assistance or suggestions on the best way to either achieve the above or a better solution would be welcome.

thanks

Tags (3)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-25-2015 05:14 AM

Your CSV will serve as the asset DB until a formal DB is acquired. Build the CSV using your asset discovery mechanism. Write all discovered assets to the CSV then manually remove those that do not belong. Now you have something to which to compare for your reports. Of course, someone will have to update the CSV manually as assets are purchased and disposed.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

For the past four years, Splunk has partnered with Enterprise Strategy Group to conduct a survey that gauges ...

Data-Driven Success: Splunk & Financial Services

Splunk streamlines the process of extracting insights from large volumes of data. In this fast-paced world, ...